Hackers undercover in many key information systems

Experts say that the hacker's attack pattern in recent ransomware cases is similar, they all lie undercover for a while, then encrypt the ransom data.

At a seminar on preventing ransomware data encryption on the afternoon of April 5 in Hanoi, Lieutenant Colonel Le Xuan Thuy, Director of the National Cyber ​​Security Center - Ministry of Public Security, said there is a wave of ""ransomware"". ""active"" in encryption attacks to demand ransom targeting organizations and businesses.

According to Mr. Vu Ngoc Son, Head of Technology Research Department - National Cyber ​​Security Association, there is currently no evidence to show that this is an organized campaign because the techniques in the attacks are not the same, possibly from various cybercriminal groups. However, the common point of the consecutive incidents that have occurred in the past short period of time is that malicious code has been installed and ""lurked"" in the systems of organizations and businesses for a long time, especially in Key sectors such as electricity, banking, securities, payment intermediaries, telecommunications, oil and gas and healthcare.

Giving an example of ""undercover"", Mr. Thuy said that last year, a bank in Vietnam suffered great losses because of malicious code hidden deep in the system. Malicious code silently collects customer data, understanding the data structure. The hacker group screened a number of customers with a lot of money in more than million accounts. They then conduct transactions by accessing the victim's account, changing the registered phone number to another number and installing smart banking on the new device. After completing, the hacker went back into the system and changed back to the old phone number.

""When being 'undercover' like that, the danger level is very high. Sometimes hackers even understand the system better than the management staff of that organization,"" Mr. Thuy said.

'Black market' sells system access

Mr. Le Xuan Thuy said there exists a market specializing in selling and providing malicious code and security holes. Thanks to that, attack groups do not need to be too skilled to still have the right to use and access malicious code to serve nefarious purposes.

Sharing the same opinion, according to Mr. Vu Ngoc Son, on the ""black market"", there are groups that specialize in penetrating the system and then reselling exploitation rights to other groups. Even those who discover security vulnerabilities have two options: sell it back to the system developer to receive a reward, or sell it on the black market at a higher price.

""Selling security holes, selling system access has become an industry,"" Mr. Son said.

Meanwhile, awareness of the role and importance of ensuring network safety and security among most information system owners is still limited. Response capacity and ability to handle and fix incidents are low, many important information technology systems are invested inconsistently, lack periodic supervision, inspection and evaluation, technical weaknesses exist, security hole.

""Translating awareness into action in Vietnamese organizations and businesses has quite a high delay. 5 days ago, when participating in troubleshooting an organization that was attacked, I realized that the incident could have happened. could have been prevented in advance, because we sent a warning about a compromised account to that unit, but no one did anything, probably because they thought the receptionist's computer was not important,"" Mr. Son took his wallet. example.

According to statistics from cybersecurity organizations, from the beginning of 2023 until now there have been more than 13,750 attacks causing problems on information systems in Vietnam. In the first 3 months of 2024 alone, the number of attacks is 2,323, including serious incidents such as VnDirect and PVOIL.

At the end of March, the Department of Information Security - Ministry of Information and Communications also asked securities companies to review the implementation of information security by level; Develop an incident response plan, plan to periodically back up systems and important data to promptly restore in the event of a data encryption attack and report incidents to the Department according to regulations; Check and update patches for important systems according to warnings from the Department and relevant agencies and organizations.

Author

AiUTOMATING PEOPLE, ABN ASIA was founded by people with deep roots in academia, with work experience in the US, Holland, Hungary, Japan, South Korea, Singapore, and Vietnam. ABN Asia is where academia and technology meet opportunity. With our cutting-edge solutions and competent software development services, we're helping businesses level up and take on the global scene. Our commitment: Faster. Better. More reliable. In most cases: Cheaper as well.

Feel free to reach out to us whenever you require IT services, digital consulting, off-the-shelf software solutions, or if you'd like to send us requests for proposals (RFPs). You can contact us at [email protected]. We're ready to assist you with all your technology needs.

© ABN ASIA