13,900 cyber attacks on systems in Vietnam

According to the Vietnam cybersecurity summary report in 2023 released by NCS Cyber ​​Security Company on December 12, there were 13,900 cyber attacks on organizations in Vietnam, an average of 1,160 cases per month, an increase of 9.5% compared to 2022.

In particular, in the last 3 months of 2023, the number of cyber attacks increased sharply, up to 1,614 cases in one month, one and a half times higher than average.

The reason is that at the end of the year, agencies, businesses, and organizations have many information technology projects to complete, and staff often have to work at 100% capacity, so there is a high possibility of errors. This is an opportunity for hackers to attack and sabotage.

According to NCS experts, the top 3 most attacked vulnerabilities in Vietnam in 2023 are people, platform vulnerabilities and website vulnerabilities, respectively.

Of these, the highest rate is human weakness, accounting for 32.6% of the total number of incidents. Accordingly, hackers use fake emails (phishing) with malicious attachments in the form of text files or content with fake login links to take over accounts and control users' computers remotely.

The second most common weakness is the vulnerability of the software platforms and services installed on the server, accounting for 27.4%. The exploited software is Mail Server software (email service server), content management platform, data sharing platform, etc.

The third weakness is self-developed website vulnerabilities, accounting for 25.3% of the incidents. Commonly exploited vulnerabilities are SQL Injection (an attack technique that takes advantage of data vulnerabilities), weak administrative passwords, or the use of vulnerable libraries.

Not only collecting, modifying, and stealing data, hackers also openly insert hidden links (backlinks) advertising illegal content such as gambling and betting onto official websites.

According to NCS statistics, up to 342 educational websites with the domain name .edu.vn and 212 government agency websites with the domain name .gov.vn were attacked in this way. In particular, many websites were attacked many times without a complete solution.

What to do to prevent cyber attacks?

According to NCS's recommendations, agencies and organizations need to review their overall network security architecture and periodically check and evaluate (pentest) the services and devices in use.

Deploy 24/7 network security monitoring systems, which require full collection of activity logs of the entire system, ensuring storage for at least 6 months, and assign a specialist or outsource network security monitoring services.