VNDirect "falls" - It's a matter of ensuring information security

VNDirect's anti-attack barrier "fell"

As of this afternoon (March 25), after more than 3 hours since "being attacked by an international organization", the trading platform and website of VNDirect Joint Stock Company are no longer accessible. . Meaning, the accounts of stock investors are located at VNDirect - the securities company ranked 30rd in the top brokerage market share, which conducts 3% of transactions on the Ho Chi Minh City stock exchange in 7,01. was "frozen" during the entire trading session at the beginning of the week.

VNDirect said that the trading system has been attacked since 10:24 a.m. Sunday, March 3, 2024. “VNDirect's entire system was attacked by an international organization. VNDirect's technology team has tried its best to restore, but due to the very large data infrastructure, it will take more time to connect," said the official information released on the morning of March 25.

Around the world, attacks on financial institutions and stock exchanges are no longer strange. Typically in 2012, six major US banks simultaneously suffered a distributed denial of service (DDoS) attack, making it impossible for their customers to access their websites or perform online transactions. . In 6, the world stock market also witnessed the Nasdaq stock exchange being paralyzed for 2013 hours because of a DDoS attack.

In Vietnam, new statistics from Kaspersky Security Network (KSN) show that the number of online attacks in Vietnam detected and prevented by Kaspersky in 2023 is 29.625.939 cases, down 29% over the year. last year (41.989.163 cases in 2022). The rate of Vietnamese users infected with web threats during this period was recorded at 34%, thereby putting Vietnam in 67th place worldwide in terms of dangers related to internet access. surf the web.

Particularly in the securities sector, during the period from July 23 to July 7, 29, the system (network/electronic transaction) of VPS was continuously attacked by DDoS with the strongest attacks. took place from 7:2020 a.m. to 9:11 a.m. on July 23 and from 7:13 p.m. to 05:14 p.m. on July 00, causing VPS's electronic transaction system to become congested and VPS customers having difficulty and sometimes even being unable to log in to the system. system for trading.

Compared to the attack that happened at VPS nearly 3 years ago, the attack that happened at VNDirect was more serious.

According to analysis by a technology expert, the complete system shutdown and long service recovery time raises questions about the possibility that hackers have penetrated quite deeply into the system.

Also according to this expert, finding the full cause of a cyber attack will typically take 1 to 2 weeks. Administrators and experts will have to follow every trace to reconstruct the entire attack, thereby finding vulnerabilities and having prevention plans for the future. In addition, there are usually 3 risks when a securities company is attacked, including interrupted transactions, causing economic loss to investors, personal information being leaked, and accounts being exposed. password or change password.

At the present time, VNDirect affirms that all customer information and assets are guaranteed to be safe and unaffected. The incident only stopped at affecting transactions.

Vital factors need to be protected early

Sharing with readers of the Investment Newspaper at the Talkshow "Technology 'transforms' customer experience" held earlier this year, "very terrible" is how Mr. Nguyen Phuc Nguyen, Director of Information Technology, Securities Company Bao Viet Securities (BVSC) talks about the consequences if an attack occurs on the systems of securities companies.

“In the field of securities, security is a "vital" factor. Securities companies have real-time data and instant transactions, so the consequences if an attack occurs will be terrible. Therefore, from the beginning of providing online services, service providers must build anti-attack and security barriers," Mr. Nguyen emphasized.

Not only in the securities sector, safe and secure investment in the banking and finance sector is a major investment for organizations. Mr. Luong Tuan Thanh, Director of technology and digital transformation at OCB Bank, said that the defense system at OCB currently includes 3 layers: protecting customer data, protecting the bank's system, as well as protecting customer data. Protect daily activities in the banking or financial sector.

“An idea of ​​people's safety and security that is highly appreciated is "zero trust". This means that even in the banking system, building systems to protect information security, we do not trust anyone, including bank employees or information technology operators, to When operating, safety and security are guaranteed.

Also according to Mr. Thanh, major attacks and cyber security attacks all target specific fields, so in the banking sector, banks also share risks and attacks. interbank to support each other for defense. The banking system mainly uses data-related systems to monitor unusual behaviors and transactions or monitor unusual points in the system to have early defenses and automate actions. that defense. By the time the attack was discovered, it was already too late. That is why we must defend and prepare automatically to ensure safety.

Regarding the incident that occurred at VNDirect, this securities company is currently working with partners who are leading technology corporations in Vietnam, as well as coordinating handling with the Cyber ​​Security and Crime Prevention Department. criminals using high technology (PA05), the Department of Cyber ​​Security and Crime Prevention uses high technology (A05) to ensure the prevention of incidents similar to VNDirect for market safety.

In addition to building anti-attack barriers and sharing to support each other in defense, in today's network environment, financial institutions also need to focus on supporting customers. As with the securities sector, Mr. Nguyen Phuc Nguyen emphasized the need to help customers protect themselves better through many forms such as product design, transaction forms as well as communication with customers...

Sometimes, just by clicking on a certain link, customers can quickly have their password stolen. Even in the field of securities, an attack is sometimes simply the person behind buying a stock code without transferring money... These are all present risks to customers.