The results of the review of inappropriate advertising content on the website of a state agency with the domain name .gov.vn is a notable information in the report on the information security situation in December 2023 and statistics on data sharing connections on malware and monitoring. This report has just been announced by the Department of Information Security ( Ministry of Information and Communications ).

According to the Department of Information Security, recently, many government agency websites have been exploited to install, post, redirect or link to inappropriate advertising content such as card games, gambling, etc.

Although the Ministry of Information and Communications has continuously issued widespread warnings and requested units to review and handle the existence of inappropriate content on the websites of state agencies, however, up to now, the review results of the National Cyber ​​Security Monitoring Center - NCSC still show that 84 websites of units under 12 ministries, branches and 19 localities have been exploited to upload a large number of files with malicious content. Among them, there are a number of ministries and provinces with many websites exploited to insert inappropriate content such as Ho Chi Minh City, Quang Binh, Hanoi, Hai Duong, Quang Nam , Ministry of Health, Ministry of Industry and Trade, Ministry of Labor, Invalids and Social Affairs.

State agency website 1 1.jpg
Not only collecting, modifying, and stealing data, hackers also openly insert hidden links advertising illegal content such as gambling and betting on government agency websites. (Illustration: Nguyen Thai)

Statistics show that from August 2023 - the time the Department of Information Security began adding a section to review state agency websites that had inappropriate content inserted into technical reports - up to now, the total number of times state agency websites were warned was 316.

Despite periodic warnings, the number of ministries, branches, localities and state agency websites with inappropriate advertising content inserted and reminded by the Department of Information Security has not decreased. Specifically, in the months from August to December 2023, the number of ministries, branches and localities where the websites of their affiliated units were exploited to insert harmful content and inappropriate advertising were 15, 28, 27, 23 and 31, respectively. The total number of state agency websites with inappropriate advertising content inserted and reminded by the Department of Information Security in the months of August, September, October, November and December were 38, 67, 71, 56, 84, respectively.

In its monthly warnings, the Department of Information Security has specifically reminded ministries, branches, and localities that allowing the situation of government agency websites being exploited to insert files with malicious content is extremely dangerous.

“These files appear in Google search results and redirect users to other websites when they access the link. This will become serious if it is exploited to post and disseminate bad and toxic content, distorting the sovereignty , policies of the Party and policies and laws of the State,” the Department of Information Security analyzed.

State agency website 19211.jpg
Recently, the Ministry of Information and Communications has proactively monitored to promptly detect government agency websites being exploited to insert inappropriate advertising content. (Illustration photo)

In the 2023 network information security assessment report and 2024 forecast, NCS experts pointed out that recently, hackers have openly inserted hidden links - backlinks advertising illegal content such as gambling and betting on official websites. According to NCS statistics, up to 342 educational websites with the domain name .edu.vn and 212 government agency websites with the domain name .gov.vn have been attacked in this way. In particular, many websites have been attacked multiple times without a complete solution.

Talking to VietNamNet reporter about the above situation, Mr. Nguyen Minh Duc, CEO of CyRadar Information Security Joint Stock Company, commented that there are two main reasons why many government agency websites are being exploited to install inappropriate content, which are: Websites have not patched the original vulnerability that hackers used to install malware; some systems have not been able to remove malware even though they have been infected. "To solve the problem thoroughly, units need to handle these two causes at the root," Mr. Nguyen Minh Duc shared.

Sharing the same view, NCSC experts also pointed out that some websites were attacked multiple times through information security vulnerabilities, and attackers could re-enter the website and edit content. In addition, attackers also took advantage of the website's information posting features such as Q&A, forums, etc. to post advertising information.

On the other hand, some units have been warned but have not handled or have not handled thoroughly. The three things that units need to do are to remove files and posts containing malicious content; investigate the cause or information security vulnerability that led to the installation of inappropriate content and fix it; review the source code and application server to remove malicious code that has been planted by the attacker.

From the review results, the National Cyber ​​Security Monitoring Center recorded that there are still government agency websites being exploited to insert gambling advertising content.