What do tech experts say?

According to the police investigation, Tam used the phone number 096123… to open a payment account at a bank in Ho Chi Minh City. In May 2023, Tam used the bank's application, entering the registered account number on his phone. He then opened an online savings account on the application with a value of 1 million VND. According to the bank's regulations, with his 1 million VND savings account, Tam could borrow 850,000 VND. However, Tam illegally tampered with the bank's financial information system, altering the collateral transaction code of the 1 million VND savings account to over 51 billion VND. From May 23rd to June 9th, Tam tampered with the bank's system seven times, withdrawing and transferring a total of over 10.5 billion VND to his personal account (later returning 500 million VND to the bank). Tam withdrew 6.5 billion VND, and the remaining amount, which he hadn't had time to withdraw, was discovered and frozen by the bank.

Opinions from technology experts

Commenting on this cyberattack, Mr. Vu Ngoc Son, Chief Technology Officer (CTO) of NCS Company, said that the case is currently under investigation by the police, so there is no precise information yet on how the hackers infiltrated the system.

Based on initial information, Mr. Son suspects that the hacker may have exploited a vulnerability in a component of the bank's system, thereby interfering with the collateral management system to modify data. This is quite unusual because the hacker modified data directly related to their own personal loans and accounts. Therefore, simply by reviewing the transaction history logs on the system, the hacker could have detected the attack. In the past, there have been many cases of hackers attacking banks, then using other people's accounts and transferring money through multiple intermediary banks, making detection, investigation, and asset recovery much more difficult and complicated.

Mr. Son added: "Currently, all banks are equipped with systems to monitor unusual transactions, as well as SOC systems to monitor and detect cyberattacks, so detection is only a matter of time. If detected early, the consequences will generally be mitigated. To prevent similar incidents, banks need to strengthen the review of system vulnerabilities, enhance cybersecurity monitoring, and monitor unusual transactions to quickly detect incidents and handle them promptly."

Speaking to Thanh Nien newspaper about the incident, Ms. Vo Duong Tu Diem, Director of Kaspersky Vietnam, stated that the hacker's actions constituted interference, causing system damage and potentially creating vulnerabilities that could allow other hackers to infiltrate. If the bank had responded promptly to this incident, the data of other customers would not have been affected. Conversely, the consequences could have been financial and reputational losses for users.

For users of online payment services, Kaspersky offers advice to help them avoid becoming victims of hackers. First, they recommend using virtual cards for online payments, blocking old cards and using new ones at least once a year. Users should also set low payment limits on their payment cards or maintain low balances, and ensure that banks always require one-time code (OTP) confirmation for online payments, 3D authentication, or similar mechanisms.

To avoid becoming a victim of hackers, users need to carefully check payment methods and website addresses before entering financial information. Ideally, they should use cybersecurity solutions such as security applications and antivirus software to protect online payments.