Warning of security vulnerabilities and weaknesses in computer systems

The National Cyber ​​Security Monitoring Center (NCSC), Department of Information Security (Ministry of Information and Communications) recorded that in June 2023, the information systems and computers of state agencies and organizations had nearly 50,000 security vulnerabilities and weaknesses. This number has decreased by about 14% compared to May 2023, but is still 25.8 times higher than the same period in 2022.

In the first 6 months of 2023, the technical system recorded more than 160,170 weaknesses and vulnerabilities in the computer systems of state agencies and organizations. Security experts explained: Every month, hundreds of new vulnerabilities are announced by computer equipment and software manufacturers and security companies to warn users. Because the computer systems of many units and organizations in Vietnam have not updated patches in time, the number of security vulnerabilities in server and computer systems is very large and will increase.

The Department of Information Security, Ministry of Information and Communications, stated that the discovery of nearly 50,000 security vulnerabilities in the computer systems of state agencies and organizations is very large and potentially dangerous. The Department has directed the National Cyber ​​Security Monitoring Center to assess and identify security vulnerabilities with high levels of danger and widespread impact to guide ministries and branches on how to fix them. At the same time, the Center warns about vulnerabilities that have been and are being exploited by attack groups to carry out targeted attacks.

In fact, the computer systems of many government agencies have been invested and equipped for many years, and are now outdated. Anti-virus software and firewalls to protect computer operating systems are not updated regularly, leading to hidden vulnerabilities in the computer system. In addition, many government agencies have a large number of computer devices connected to the network but do not have enough IT staff to implement, control all devices in the system, update patches to remove vulnerabilities. Along with that, due to the rapid development of technology, generations of computers, software, old devices that are not upgraded will not be supported when installing and updating new security software when the old anti-virus software has stopped working. The habit of using security trial versions and non-genuine security software makes computers unprotected from viruses. The existence of many potential vulnerabilities puts the information systems of agencies and organizations at risk of being attacked, infiltrated and lying in wait for an opportunity to attack, causing unpredictable data and economic losses.

Security experts recommend that the technical team in charge of security of the unit, the computer system administrator of the agency, and large organizations need to carefully review the system. For old systems that cannot be upgraded, the network partition should be separated and unsecured devices should not be connected to the internet. For systems that can be upgraded, it is necessary to urgently update patches and increase monitoring and regular analysis to detect signs of intentional attacks.

In the technical report on the information security situation in June 2023, the Department of Information Security said that last month, the technical system of the National Cyber ​​Security Monitoring Center recorded 410,828 Vietnamese IP addresses in the botnet, down 19% compared to May 2023. Of which, 148 computer internet addresses (IP addresses) of state agencies and organizations (including 14 IP addresses of ministries, branches and 134 IP addresses of provinces and cities).

According to VNA