Regularly scan for system "vulnerabilities" after cyber attack on VNDirect

According to cybersecurity experts, the information system of VNDIRECT Securities Company was attacked by a group of professional international hackers, causing all company data to be encrypted. Ransomware attacks have been a nightmare for businesses and organizations around the world over the years, due to the serious consequences they can cause. Experts also liken ransomware to a "nightmare" and "ghost" in cyberspace.

Mr. Vu Ngoc Son, Technical Director of NCS Company, said: With ransomware attacks, hackers often infiltrated several months ago through system vulnerabilities and controlled the data. Therefore, to fix it, experts must look back at the intrusion log to determine how much control the hacker has. Sometimes, to completely eradicate a ransomware attack, the operating unit must also change the system architecture, especially the backup system.

“Therefore, with the problem VNDIRECT is facing, we think it will take more time, even months, for the system to fully recover,” said NCS Company Technical Director Vu Ngoc Son.

Regarding the form of ransomware attacks, Mr. Vu Ngoc Son analyzed that with ransomware attacks, hackers often enter the system through a number of ways such as password detection, exploiting system vulnerabilities, mainly zero-day vulnerabilities. Financial companies often have to meet the prescribed standards, so the possibility of password detection is almost impossible. The most likely possibility is an attack through a zero-day vulnerability. Accordingly, hackers remotely send error-causing data segments, causing the software to fall into an uncontrolled state when processed. Next, hackers run remote execution code and take control of the service server. From this server, hackers continue to collect information, use the obtained administrative accounts to attack other servers in the network, and finally run data encryption tools for extortion.

According to statistics from Vietnamese cybersecurity companies, in recent years, businesses have always been concerned about ransomware attacks. Last year, Vietnam's cyberspace recorded many ransomware attacks with serious consequences; in which, there were cases where hackers not only encrypted data to demand ransom, but also sold data to third parties to maximize the amount of money collected. According to NCS statistics, in 2023, up to 83,000 computers and servers in Vietnam were recorded to be attacked by ransomware.

Experts also commented that, in addition to being a "wake-up call" for the units managing and operating important information systems in Vietnam, the cyber attack on VNDIRECT also once again showed the danger level of ransomware. To prevent this, according to experts, operating units and cybersecurity service providers must regularly scan for software "vulnerabilities" to "patch" them in a timely manner. At the same time, units must implement the "4-layer" model process of the Ministry of Information and Communications: On-site forces; Professional monitoring and protection organizations or enterprises; Independent organizations or enterprises that periodically inspect and evaluate; Connect and share information with the national monitoring system.

At the March 2024 State management conference of the Ministry of Information and Communications, Deputy Minister Pham Duc Long said that the system of VNDirect Securities Company had "collapsed", the system was locked and even ransom was demanded. This incident reminded us of the incident that happened to Vietnam Airlines in the past. After that incident, the awareness and work of ensuring network information security of the whole society and organizations were raised."

However, Deputy Minister Pham Duc Long warned: "The incident with VNDirect continues to warn organizations that if they are subjective, negligent, and do not fully invest in information security for the system, they will be greatly affected."

According to Deputy Minister Pham Duc Long, the occurrence of cyber attacks on organizations is also an opportunity to see the need to continue to raise awareness of network information security for the whole society. "Cyber ​​attacks have been and are happening in many countries. Relevant units of the Ministry need to step up communication and raise awareness for the whole society."