More than 300,000 attacks on Vietnamese businesses in the first half of 2025

This situation puts Vietnam in second place in Southeast Asia in terms of the number of exploits, just behind Indonesia (524,657 cases). This also shows that many Vietnamese businesses are still using information technology systems that have not been fully updated, creating conditions for hackers to attack.

Kaspersky experts explain that an exploit attack is a form of cyber attack that takes advantage of security vulnerabilities, errors in software, operating systems or unpatched applications to illegally penetrate the system. If successful, hackers can take control of data, systems and business resources.

In Q2 2025, Microsoft Office and Windows products continued to be the most popular attack targets. Three specific vulnerabilities were frequently exploited, including CVE-2018-0802, CVE-2017-11882, and CVE-2017-0199.

In addition to traditional software, new technology platforms such as low-code/no-code (LCNC) and Artificial Intelligence (AI) application frameworks are also being exploited by hackers. Low-code/no-code platforms allow users to build applications through intuitive interfaces with simple drag-and-drop operations, without the need for traditional programming knowledge. Thanks to that, users can easily and quickly create websites and mobile applications from available templates. Many businesses are deploying these tools to optimize operational processes and improve labor productivity. However, if not strictly controlled, these tools can become new security weaknesses.

In parallel with exploit attacks, the number of online threats (web threats) targeting Vietnam also tends to increase significantly. In the first half of 2025, Kaspersky security solutions in Vietnam blocked a total of 1,174,407 online threats (attacks on users while accessing the Internet, such as fake websites, malicious code hidden in downloaded files or online advertisements). This figure shows a growth of 13.7% compared to the same period in 2024.

In terms of cyber threats, Vietnam ranks behind Thailand (2,524,439 incidents), Malaysia (1,703,788 incidents), and Indonesia (1,626,984 incidents). This increasing trend reinforces the view that Vietnamese businesses are becoming more frequent targets of regional cybercriminals.

To mitigate risks, Kaspersky recommends businesses take proactive action:

Periodic Vulnerability Testing : Conduct periodic vulnerability testing in a secure virtual environment, avoiding direct manipulation of the real system.

24/7 Monitoring : Ensure 24/7 continuous system monitoring, while focusing on implementing perimeter cybersecurity defenses.

Maintain a patching process : Regularly update security software and maintain an automated patching process to promptly address vulnerabilities.

Building a cybersecurity culture : Implement employee training programs on how to identify risks and build an internal cybersecurity culture, helping to proactively mitigate risks before incidents occur.

Source: https://doanhnghiepvn.vn/chuyen-doi-so/hon-300-000-vu-tan-cong-doanh-nghiep-viet-trong-nua-dau-nam-2025/20251015025315784