HANOI: Recent cyberattacks on large corporations in Vietnam are sounding alarm bells about domestic cybersecurity systems, requiring prompt action to defend against malicious attacks.

Over the past two weeks, three companies reported suffering from cyberattacks which had serious consequences.

On March 24, securities company VNDirect’s entire system suffered a ransomware attack, resulting in the temporary unavailability of the trading platform. Not until a week later could the system be reopened.

The Post and Telecommunication Joint Stock Insurance Corp also reported a cyberattack on its system nearly at the same time as the attack on VNDirect’s system.

Most recently, PetroVietnam Oil Corp reported a ransomware attack on April 2 which caused disruptions to its information systems, including the issuance of electric invoices. The company’s system underwent troubleshooting and returned to normal operation on April 4.

These cases are just the tip of the iceberg.

The Authority of Information Safety (AIS) under the Information and Communications Ministry has warned about the increase of cyberattacks in Vietnam, especially ransomware in which cybercriminals seize and encrypt data then ask for ransom payment.

The AIS’ statistics showed that there were more than 2,330 attacks on the information systems in Vietnam in the first quarter of this year, causing system disruption and serious damage while affecting national cyberspace security.

According to Vietnam National Cyber Security Technology Corp (NSC), there were 13,900 cyberattacks in 2023, an increase of 9.5% against 2022. In particular, ransomware attacks caused serious consequences. Around 83,000 computers and servers were reported to have been attacked by data encryption malware, up by 8.4% over 2022.

Specifically, the number of ransomware attacks increased sharply in the last quarter of 2023, up 23% against the average of the three previous quarters.

BKAV Corp in early March also warned that LockBit Black, a new variant of an infamous data-encryption virus, had begun to attack systems in Vietnam.

BKAV’s virus monitoring and warning system recorded more than 19,000 servers attacked by ransomware from 130,000 malicious IP addresses in the world, an increase of 35% over 2022.

A report by Viettel Cyber Security Co showed that there have been at least nine ransomware attacks targeting big companies and organisations in Vietnam recently that encrypted hundreds of gigabytes of data and required ransom payments estimated to total around US$3mil.

The National Cybersecurity Association early this month warned about the alarming situation of increasing cyber-attacks targeting the key information systems of agencies and businesses in Vietnam, especially in sectors such as electricity, banking, securities, payment intermediation, telecommunications, oil and gas and healthcare.

Ngo Quoc Vinh, deputy director of VNSC Global Solution Technology which focuses on developing information security products and services, said that Vietnam’s cyberspace is witnessing an increase in ransomware attacks.

However, there is not sufficient grounds to determine that this is a targeted attack campaign on Vietnam.

He said one of the reasons Vietnam is in the group of countries that suffer many cyberattacks is that many users in Vietnam have the habit of using pirated or invalid software provided for free on the Internet.

This creates conditions for cybercriminals to easily install malicious code inside systems for a long period of time.

Ransomware attacks often do not start immediately and hackers wait for the right time to achieve the greatest level of impact and gain the most financial benefit, he said.

Vu Ngoc Son, NSC’s technology director, said that a series of cyber-attacks occurred in just a short period of time targeting sectors including securities, energy, telecommunications, and healthcare. These attacks are similar in that hackers were under cover for some time before encrypting data for ransom.

In these cases, attack techniques are not the same, however it is unlikely that the attacks were carried out by a group of hackers, or that they were an advanced persistent threat.

To encrypt data, hackers must have enough time to know which data is important. Therefore, hackers have to install malicious code to collect information every day then analyse, evaluate and select targets for encryption.

The implementation of defensive solutions by Vietnamese companies and organisations remains limited, while cyber attacks are increasingly sophisticated, Son said, stressing that systems in Vietnam face the risk of being attacked at any time.

According to Truong Duc Luong, chairman of Vietnam Network Security Joint Stock Co, recent cyberattacks which have drawn significant attention because of their impact on people, are just the tip of the iceberg.

The positive point of incidents like these are that they raise attention on the need for cyber security.

However, cyber security is a long journey, not just stopping at how to handle specific attacks, but learning lessons and applying them in practice are much more important. “If network security is not properly understood, it will be the first thing to be mentioned and also the first thing to be eliminated in cost optimisation.”

“Prevention is better than cure,” Vinh said, adding that it’s time for enterprises to pay more attention to methodical investment in information security.

He said that the short-term strategy for enterprises and organisations is to immediately use information security assessment, operation and monitoring services from professional organisations.

In the long term, enterprises and organisations need to develop strategies to be able to autonomously ensure information security with a suitable investment roadmap for a comprehensive information security architecture. — Viet Nam News/ANN