What does the Ministry of Information and Communications say about the series of cyber attacks on VNDIRECT and PV Oil?

At the regular press conference of the Ministry of Information and Communications (MIC) on the afternoon of April 8, Mr. Tran Nguyen Chung - Head of the Information System Security Department, Information Security Department said that recently there have been many cyber attacks and malware attacks in Vietnam, focusing on large enterprises in the fields of securities, finance, banking, and electricity.

“Cyber ​​attacks and malware attacks are not new problems, but they are emerging concerns regarding information security in 2024 and the coming time,” said Mr. Chung.

The main method of hackers is to exploit and infiltrate the business system, lie in wait for the right opportunity to break the lock and demand ransom.

Lessons learned from these incidents, Mr. Chung assessed that if agencies, units and businesses comply with legal regulations and have periodic assessments to overcome incidents, they can detect, prevent and mitigate incidents early.

According to Mr. Chung, there are regulations requiring information systems of state agencies and enterprises to periodically assess information security every year to promptly fix incidents and prevent information security.

Through recent incidents, the Information Security Department believes that if the above review regulations are strictly implemented, businesses and agencies can overcome and mitigate incidents.

“The regulation requires agencies and units to develop incident response plans in all situations. Important systems need to be backed up and protected to reduce damage, as well as how to communicate to the outside world… In the past, agencies and businesses have deployed but invested in systems that were not commensurate with their systems, and there is a lot of data on the network, so the risk of malware and ransomware attacks will be more frequent,” said Mr. Chung.

Mr. Chung also said that cyber attacks are inevitable, but the important thing is how organizations and businesses are prepared to respond and restore operations.

As an immediate solution, the Department of Information Security has sent a document to the review units to have a comprehensive assessment of the information security system.

Prime Minister Pham Minh Chinh also issued Official Dispatch No. 33/CD-TTg requesting ministries, branches and localities to strengthen network information security. The Ministry of Information and Communications hopes that agencies and enterprises will review their management systems, strictly implement information security inspection timelines, comply with legal regulations and strengthen information security at all levels.

“Until now, when there is an incident, units often hide information, which makes it difficult to warn widely, and there is no lesson for related agencies. Therefore, when agencies have an incident, they need to comply and coordinate with competent authorities to promptly warn widely, minimizing damage to agencies and units in each field,” Mr. Chung said.

Previously, on March 24, hackers attacked the encryption of VNDIRECT's technology system. After more than a week since the incident was discovered, with the support of authorities and a team of cybersecurity experts from major cybersecurity companies in Vietnam, the incident was basically resolved and VNDIRECT's system restored trading operations from April 1.

However, just one week after the cyber attack that encrypted all of VNDIRECT's system data was discovered, on April 2, Vietnam's cyberspace continued to record that PV Oil was illegally and intentionally attacked, causing disruption to the entire information technology system of the enterprise.

The cyber attack has caused PV Oil's information technology system to be suspended, including the electronic invoice issuance system for sales, which is temporarily inoperable.