The cyberattack on the technology system of VNDIRECT Securities Joint Stock Company (VNDirect) serves as a warning to all securities companies and financial institutions to proactively review their cybersecurity systems.
Data encryption attack
On the morning of March 26th, VNDirect recovered the decryption key, hoping to fully recover the data. Normally, companies with backup systems would quickly activate them in case the main system is attacked. "However, in VNDirect's case, the backup system may have been attacked as well, not just the main system, causing the recovery time to be prolonged and requiring the system to be 'disconnected' as it occurred," commented Mr. Vu Ngoc Son, Director of Technology at NCS, the national cybersecurity company.
VNDirect has announced that it expects to reconnect with stock exchanges, allowing investors to resume normal trading from Thursday (March 28, 2024). This isn't a very long time, but with VNDirect's large volume of data, recovery needs to be measured in days. "If VNDirect can achieve its goal as announced, it will be a significant and commendable effort," commented Mr. Vu Ngoc Son.
Ms. Vo Duong Tu Diem, Director of Kaspersky Vietnam, stated: “Recently, we have received numerous warnings about the risks of attacks on financial systems. We all know that no system is absolutely secure, so banks and financial institutions need to focus on investing in information security to reduce the likelihood of malicious actors infiltrating their systems.”
Ensuring "4 layers" of safety
According to an expert from the Vietnam Information Security Association, the VNDirect system attack serves as a warning to organizations about the need to invest more in IT systems, including cybersecurity. It's time for securities companies to ensure network security for their systems according to the "four-layer" defense model guided by the Ministry of Information and Communications.
According to a technical report by the National Cybersecurity Monitoring Center under the Information Security Department, in January and February 2024, the center's technical system recorded 71,877 and 76,507 vulnerabilities and information security flaws in the information systems of state agencies and organizations, respectively.
Speaking about the risk of cyberattacks on financial systems, Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky, shared: “Currently, with the advancement of financial technology, banks are opening more connection gateways and integrating with third-party applications… This inadvertently creates opportunities for cybercriminals to carry out acts of sabotage against critical systems, so financial systems must be even more cautious.”
The Information Security Department (Ministry of Information and Communications) has just issued a warning about six high-level and critical information security vulnerabilities in Microsoft products announced in March 2024. Specifically, the information security vulnerabilities in Microsoft products that have been warned to organizations in Vietnam are: CVE-2024-21408 in Windows Hyper-V, CVE-2024-26198 in Microsoft Exchange Server, CVE-2024-21407 in Windows Hyper-V, CVE-2024-21334 in Open Management Infrastructure (OMI), CVE-2024-21426 in Microsoft SharePoint, and CVE-2024-21411 in Skype for Consumer.
TRAN LUU - BA TAN
Source
![[Video] Application of Biofloc technology in building an industrial-scale shrimp farming model](https://vphoto.vietnam.vn/thumb/402x226/vietnam/resource/IMAGE/2025/12/11/1765415061532_1765268925610-jpg.webp)
Comment (0)