On April 5 in Hanoi, the Vietnam Information Technology Press Club (Vietnam ICT Press Club) in collaboration with the National Cyber Security Association organized a seminar "Preventing ransomware data encryption attacks." ”.
The goal of the discussion is to update developments and the situation of cybersecurity from the beginning of 2024 to the present. From there, experts attending the discussion will clarify the methods and meaning of encryption attacks, as well as give advice to businesses and organizations when encountering this situation.
In the digital era, agencies, organizations, and businesses must face threats, threats, and information security risks that are constantly increasing in cyberspace. According to statistics, from 2023 until now, there have been more than 13.750 cyber attacks on information systems in Vietnam causing incidents. In particular, in the first 3 months of this year alone, the number of cyber attack incidents on information systems in Vietnam was 2.323.
Recently, many Vietnamese businesses such as VNDIRECT, VPOIL... have reported being attacked by data encryption. When this incident occurred, the functional forces in charge of network safety and security, with the main force being A05 (Ministry of Public Security) and the Information Security Department (Ministry of Information and Communications), have been actively supporting with experts. These businesses fix and handle problems.
Vietnamese organizations and businesses continuously face ransomware attacks (a malicious software that uses encryption to keep important data of users or organizations so that they cannot access files, databases, etc.). database or application. The hacker will then demand a ransom to be provided with access) recently making many agencies and units worry whether there is a ransomware attack campaign. targeting domestic information systems.
Mr. Nguyen Viet Phu, Chairman of Vietnam ICT Press Club, said: "Extortion data encryption attack is not a new form of cyber attack but has become quite popular in recent years. Financial and securities institutions are always one of the top targets of ransomware attack groups. In fact, many financial, technology, and media companies around the world have also been attacked by ransomware, causing prolonged operational disruptions. It can be said that up to now, ransomware attacks have become a common problem for all businesses and organizations globally, especially financial institutions, banks or units that manage and process a lot of user data. . This problem poses a problem for businesses to increase security and protect the safety of information systems."
The National Cyber Security Association said that in response to this issue, the Department of Cyber Security and High-Tech Crime Prevention and Control (Ministry of Public Security) has proactively presided over and coordinated with the Information Security Department (Ministry of Public Security). Ministry of Information and Communications), relevant agencies coordinate the investigation and guide agencies and businesses to urgently fix and soon bring information systems back to normal operation, limiting the consequences of damage to agencies and businesses. The results of the investigation and handling of data encryption attack incidents show that the methods and tricks of this criminal group are extremely sophisticated and dangerous, and the attack scenarios of the hacker group have many similarities.
Attacking the system can stop all operations and transactions and make it difficult to recover sensitive data that has fallen into the hands of hackers. In particular, the data of these units plays a very important and decisive role in the organization's operations; must maintain and ensure high availability.
Currently, the international anti-ransomware initiative - Counter Ransomware Initiative (CRI) initiated by the US has issued a common policy statement between countries, which calls on victims not to pay ransom for their information. hackers, otherwise it will create a bad and especially dangerous precedent.
The National Cyber Security Association predicts that in the coming time, hacker groups will increase cyber attacks with ransomware, targeting key agencies, economic, financial, and energy organizations. complex variables, the possibility of malicious code attacks being installed deeply in information systems cannot be ruled out. Meanwhile, although the Department of Cyber Security and High-Tech Crime Prevention and Control - the Ministry of Public Security and related agencies have repeatedly warned, awareness of the role and importance of the work Ensuring network safety and security for the majority of information system owners is still limited; Response capacity and the ability to handle and overcome cyber attacks are still low; many important information technology systems are invested asynchronously and are not periodically monitored, inspected, and evaluated. ,Frequently, technical weaknesses and security vulnerabilities exist; Compliance with processes and regulations on ensuring network security is not strict; Investment in resources to ensure network security is still limited.
Mr. Vu Ngoc Son, Technical Director of National Cyber Security Technology Joint Stock Company (NCS) - Head of the Technology Research Department of the National Cyber Security Association, commented that the form of hacker attack is quite similar. They are all attacks that lie undercover for a while and then encrypt the data for ransom. However, the attack techniques are not the same, so it is likely that these are attacks by different cybercriminal groups. There is no evidence that this was an organized campaign. However, this possibility cannot be ruled out because the incidents occurred consecutively in a fairly short period of time.
Faced with this problem, the Department of Information Security has asked agencies, organizations and businesses to focus on implementing a number of other tasks in the coming time such as: Reviewing and organizing the implementation of information security assurance according to level; Organize effective, substantive, regular and continuous implementation of information security assurance according to the 4-layer model; Develop incident response plans for information systems under management; Implement a plan to periodically back up systems and important data to promptly restore in the event of a data encryption attack...
Mr. Vu Ngoc Son emphasized: "Cybersecurity is a war between people and people. It is inevitable that a system will be attacked. We must invest in defense to have better responses, especially avoiding the mentality of "losing a cow to build a barn", and should consider this as a long-term process of resistance.
Sharing at the seminar, Mr. Le Xuan Thuy, Department of Cyber Security and High-Tech Crime Prevention and Control - A05 Ministry of Public Security, also said that the frequency of attacks of similar incidents will increase more and more. , focusing on large systems. That's because the majority of Vietnamese businesses do not pay enough attention to safety and security issues, despite the wave of digital transformation taking place quickly and strongly. At the same time, many companies have neglected information security protection systems, or are linked to weak security member units... These are the main reasons why many companies become victims of cyber attacks. attack.
In addition, the delay in notifying the authorities when an incident occurs is embarrassing, there is no investigation and response plan, and hastily restoring the system... all make the situation worse. more, and even lose traces of the attack, leading to untraceability.
According to statistics, Vietnam currently meets over 90% of solutions to ensure network safety and security in the country. Vietnam is also one of the few countries that can be self-sufficient in cybersecurity solutions. Vietnam also has a full range of network security products and solutions such as transmission protection, firewalls, monitoring, attack detection and anti-attack...
However, Vietnam's cybersecurity solutions still face many difficulties in competing with foreign solutions, such as lack of human resources, lack of investment capital, lack of Government support, and lack of support from the Government. customer trust... Therefore, there needs to be synchronization and coordination between domestic and international agencies, organizations, and businesses to improve the quality and effectiveness of Vietnam's cybersecurity solutions. . In particular, the efforts of businesses to research and develop Make in Vietnam solutions are needed.../.