Foreign security firms have warned Vietnam’s enterprises and organisations about the ever-growing threat of cyber security attacks.
At last week’s Security World conference, the biggest IT event in Vietnam in 2015, PricewaterhouseCoopers’ Technology Consulting partner in Singapore Jimmy Sng recalled a big hack against Vietnam’s state-owned post and telecommunications group VNPT as one of many attacks against Vietnam’s websites and portals.
On March 14, 2015 hackers attacked an old server of VNPT in the Mekong Delta province of Soc Trang to steal information about the names of customers and the fee charges following VNPT’s upgrade of a variety of old servers at its branches in different provinces. Information stored in 10,000 accounts, including phone numbers and addresses were made public on the internet by a Vietnamese hacker collective, calling itself “DIE Group”.
“In Vietnam, 280,000 cyber attacks were recorded in Ho Chi Minh City in 2014, a record of 300 per cent increase from 2013,” Sng said. “Attackers can remain undiscovered for about 205 days, exposing organisations to potential malicious activity for months.”
AIG’s Asia Financial Lines head Jason Kelly also warned that Vietnam ranked 12th in the list of countries facing the most cyber attacks. In addition, Vietnam ranked third in the list of countries with the most virus-infected applications downloaded for the Android operating system.
“Attacks on Vietnamese websites rose from 2,250 in 2011 to 3,520 in the first seven months of 2014. Vietnam suffers yearly losses of nearly $380 million from cyber attacks due to inadequate information security protection,” he stressed.
Kelly also cited a survey by the Vietnam Information Security Association which stated that 55 per cent of Vietnamese firms and institutions failed to establish procedures on information security. In fact, 45 per cent of them were infected with self-spreading malicious codes.
According to a survey by Ernst Young, 49 per cent of Vietnam’s firms did not see privacy as a top priority while 40 per cent failed to research security issues.
Trend Micro Vietnam and Cambodia country manager Ngo Viet Khoi said in Vietnam, cyber threats would continue to multiply at a more pervasive, persistent, and sophisticated level. Attackers had access to significant funding.
“They are more patient and sophisticated than ever before, and they are looking for vulnerabilities in the whole operating environment, including people and processes. There is a clear and present danger, but organisations are not moving fast enough to mitigate the known vulnerabilities,” Khoi said.
Khoi cited a hack against against Sony as dominating all cyber-security conversations in late 2014. The hacker group took over the corporate network, stole a treasure trove of sensitive data and dumped them online to expose plenty of private information such as email exchanges of executives, names and passwords, and personal information of involved parties.
Last August, Chinese hackers targeted some 750 Vietnamese websites in a week, with victims including eight government and 40 school websites.
Vietnam’s Government Information Security Committee’s IT Network Security Centre director Tran Duc Su said that in Vietnam, few agencies, ministries, or departments had a well-equipped security division, which lead to easy losses of data/information in an era where every organisation could engage in economic espionage.
In 2014, the Ministry of Public Security discovered that nearly 6,000 websites and portals in Vietnam were hacked, including 246 bearing the gov.vn domain.
Meanwhile, according to BKAV – the leading internet security firm in Vietnam, 40 per cent of Vietnamese websites are at risk with 151 critical vulnerabilities. Some 4.7 million computers in Vietnam have been attacked by 2,852 new viruses in February 2015 and 347 websites of Vietnamese state agencies and enterprises were attacked by hackers during this period.
VIR