The attack on the technology system of VNDIRECT Securities Joint Stock Company (VNDirect) is a warning to all securities companies as well as financial institutions to proactively review their network security systems.
Tpress data encryption
On the morning of March 26, VNDirect retrieved the "key" to decrypt the data, hoping to completely recover the data. Usually the company has a backup system that will be brought up to "run" (applied) soon in case the main system is attacked. "However, in the case of VNDirect, the backup system may have been attacked, not just the main system, causing the recovery time to be prolonged and having to "disconnect the system" as happened," Mr. Vu Ngoc Son, Technology Director, NCS National Cyber Security Company, commented.
VNDirect has announced that it plans to reconnect with exchanges and investors to buy and sell normally from Thursday (March 28, 3). This is not a very long time, with a large amount of data like VNDirect's, recovery needs to be calculated in units of days. "If VNDirect can do as announced, it will be a great and remarkable effort," commented Mr. Vu Ngoc Son.
Ms. Vo Duong Tu Diem, Director of Kaspersky Vietnam, said: "Recently, we have had many warnings about the risks of attacks on financial systems. We all know that no system is absolutely secure, so banks and financial institutions need to focus on investing in information security to reduce the possibility of malicious actors invading the system. systems of organizations".
Ensuring "4 layers" of safety
According to an expert from the Vietnam Information Security Association, the attack on the VNDirect system is a warning to organizations about the need to invest heavily in IT systems, including network security. It's time for securities companies to ensure network information security for the system according to the "4-layer" defense model guided by the Ministry of Information and Communications.
According to a technical report conducted by the National Cyber Security Monitoring Center under the Information Security Department, in consecutive months of January and February 1, the technical system of this center has successively recorded 2 and 2024 weaknesses and information security holes in information systems of state agencies and organizations.
Talking about the risk of cyber attacks on financial systems, Mr. Yeo Siang Tiong, General Director of Kaspersky's Southeast Asia region, shared: "Currently, as financial technology advances, banks open more connection ports, integration with third-party applications... This has created opportunities for cybercriminals to sabotage important systems, so financial systems must be even more careful. than".
The Department of Information Security (Ministry of Information and Communications) has just issued a warning about 6 information security vulnerabilities with high and serious impacts in Microsoft products announced in March 3. Specifically, the information security vulnerabilities in Microsoft products that are warned to units in Vietnam this time are: vulnerabilities CVE-2024-2024 in Windows Hyper-V, CVE-21408-2024 in Microsoft Exchange Server, CVE-26198-2024 in Windows Hyper-V, CVE-21407-2024 in Open Management Infrastructure – OMI, CVE-21334-2024 in Microsoft SharePoint, and CVE-21426-2024 in Skype for Consumer.
TRAN LUU – BA TAN