In 2023, there will be 13.900 cyber security attacks on systems in Vietnam, an increase of 9,5% compared to 2022. Of these, there are up to 554 websites of agencies, government and educational organizations with domain names. .gov.vn, .edu.vn were hacked, gambling and betting advertising codes were inserted.
On December 12, Vietnam National Cyber Security Technology Company (NCS) published a report summarizing the situation of Vietnam Cyber Security in 12.
Cyber attacks increased by 9,5%, an average of 1.160 incidents per month
According to NCS's synthesis, 2023 recorded 13.900 cyber attacks on organizations in Vietnam, an average of 1.160 cases per month, an increase of 9,5% compared to 2022. Targets suffered many attacks The most successful in the past year were government agencies, banking systems, financial institutions, industrial systems and other key systems. In particular, in the last 3 months of 2023, the number of cyber attacks increased sharply, up to 1.614 cases in 1 month, one and a half times higher than average.
The reason is because at the end of the year, agencies, businesses, and organizations have many IT projects that need to be completed, and personnel often have to operate at over 100% productivity, so many errors are likely to occur. This is also a chance opportunity for hackers to attack and destroy.
According to NCS statistics, up to 342 educational websites with the domain name .edu.vn and 212 government agency websites with the domain name .gov.vn were attacked in this way. In particular, there are many websites that have been attacked many times without a thorough solution.
To prevent cyber attacks, organizations need to review the overall network security architecture and periodically test and pentest the services and devices in use. Deploy 24/7 network security monitoring systems, which require collecting complete activity logs (logs) of the entire system, ensuring storage for at least 6 months, and appointing a specialized person in charge. or outsource network security monitoring services.
Data encryption malware broke out at the end of the year
According to NCS's synthesis, the rate of computers in Vietnam attacked by malicious code in 2023 is 43,6%, although a slight decrease of 8,6% compared to 2022, it is still at a high level in the world. Vietnam's efforts to continuously reduce the rate of computers infected with malware over the years are worthy of recognition, because previously in 2018, this infection rate was still very high at more than 60%.
In the past year, many cases of ransomware data encryption attacks have been recorded, causing serious consequences. Not only do they encrypt data to demand victims pay ransom, hackers can leak and sell data to third parties to maximize the amount of money collected. Up to 3 computers and servers have been recorded as being attacked by data encryption malware, an increase of 83.000% compared to 8,4.
In particular, in the fourth quarter of 4, the number of data encryption attacks increased sharply, exceeding 2023% compared to the average of the first three quarters of the year. Some key facilities also recorded data encryption attacks at this time. The number of data encryption malware variants appearing in 23 is 3, an increase of 2023% compared to 37.500.
Warning about data leaks and rampant online fraud
The situation of user data exposure in Vietnam is at an alarming level. According to 2023 statistics, the Ministry of Public Security had to warn and handle tens of millions of cases related to personal database infringement. More seriously, this data has been sold on forums, even on Telegram groups. Accordingly, it only takes a few thousand dong to get a person's personal data via contact phone number.
There are two main causes of data leaks in Vietnam, the first reason is due to systems that collect and store user information but do not ensure security, thereby being infiltrated by hackers. data is stolen or employees actively sell it out for illegal profits. The second reason is that users are subjective and careless in revealing information online or on online shopping websites. Junk SIM cards, widespread junk bank accounts, leaked personal data along with the popularity of DeepFake technology have led to a series of online fraud cases occurring in 2. Bad guys rely on data obtain and create scenarios specific to each target, and use DeepFake to fake images and voices, making it very difficult for victims to detect.
According to statistics, there are more than 24 different forms of fraud, the most prominent of which are "light job, high salary" fraud, stock investment fraud, foreign exchange investment fraud with huge profits, impersonating relatives and friends. Having an accident, pretending to be a police officer or a tax official is tricked into installing a fake app to take control of the phone. In many cases, victims have lost huge sums of money, up to billions of dong.
According to PhD experts, the introduction of Decree 13/2023/ND-CP on personal data protection and the upcoming Decree on sanctions related to personal data protection will force organizations to Collecting, storing, and processing personal data must be responsible for strengthening and improving management measures as well as technical measures to ensure data security. People also need to increase vigilance, proactively protect personal data, and seek information to identify fraudulent tricks. From there, it helps you have self-defense skills when participating in cyberspace.
Cyber security forecast 2024
According to NCS, in 2024, forms of cyber attacks, targeted APT attacks on key systems, and data encryption attacks will continue to occur. Digital transformation is taking place strongly, making smartphones extremely important in life and work, but also becoming a very attractive prey for hackers.
Mobile users will face more malware that can penetrate, exploit vulnerabilities, and take control of phones, including phones running Android and iOS operating systems ( Iphone). There will be large-scale attacks targeting IoT devices, especially devices capable of collecting information and images such as security cameras and public advertising screens.
Artificial intelligence (AI) technology has made miraculous developments in 2023 and will continue to explode in applications in 2024. This will lead to tools serving bad purposes such as fraud and attacks. network. Generative AI such as ChatGPT and DeepFake will be used to compose scam scenarios to steal victims' money. Malicious code and vulnerability exploitation tools will be equipped with artificial intelligence to increase the ability to exploit vulnerabilities as well as help bypass network security solutions.
TRAN BINH