Security vulnerabilities seen from the VNDIRECT incident

After 5 days since the cyber attack that paralyzed the system, today, March 29, VNDIRECT company announced that it is expected to resume operations from April 1. The inaccessibility incident lasted up to 7 days, showing the severity of the attack, and at the same time raising concerns about the risks from potential, undetected security vulnerabilities in the information technology systems of organizations and businesses.

Mr. Ngo Tuan Anh - CEO of SCS Smart Cyber ​​Security Company said that although the form of ransom attack is not new, it has only appeared in Vietnam on a small scale. "The attack targeting VNDIRECT can be considered the largest data encryption attack ever recorded in Vietnam, having a huge impact on users," Mr. Tuan Anh assessed.

The expert also commented that it is "impossible" to say that information security systems and network security are 100% secure today because security holes and weaknesses can appear every day. Hackers regularly explore, test and use global scanning tools to find attack loopholes. They will look for systems and software with weaknesses that have not been patched to penetrate, thereby carrying out acts of sabotage or serving financial and political purposes.

"This incident is a warning to all of us when deploying large information technology (IT) systems containing a lot of data. To maximize efficiency, we need protection systems combined with intelligent safety monitoring, anomaly detection systems, and high priority for network security," the CEO of SCS emphasized.

Sharing the same view, the technology director of the NCS cybersecurity company - Vu Ngoc Son commented that cybersecurity incidents targeting companies and financial institutions always create great risks for users and the market. He said: "This incident is a lesson, a warning bell for companies and financial institutions to quickly review their systems to ensure that such unfortunate incidents do not happen in the future."

The leader of NCS explained that Vietnam is now connected to the world, so it is not new for hacker groups to target domestic businesses and organizations. The methods of operation of these groups are increasingly sophisticated, applying very high technology, so according to him, if Vietnam does not have cyber defense systems that meet international standards and class, it will be very difficult to prevent.

He said that hacker groups often scan for vulnerabilities on the target system to find the point of entry, then "blend in" to lie in wait, capturing information for a long time before carrying out a damaging attack. "We have calculated that in most attacks, hackers have broken in before the customer knows. Most of these come from exploiting weaknesses in the software. When an attack takes place, people only know there is a security hole," Mr. Vu Ngoc Son shared.

The two cybersecurity experts also said that businesses and organizations need to set up information security solutions in the current context, including backup and quick response. Units need to reserve a system similar to the main system, need to isolate so that when an incident occurs, it can quickly shift as quickly as possible, maybe in minutes to minimize damage.

Continuous network security monitoring is also always necessary because vulnerabilities always exist and are not easily detected. When there is an illegal intrusion, it needs to be detected early. The earlier the detection, the higher the rate of successful attack prevention as well as limiting risks and damages to businesses, customers and the market.

In Vietnam, the Ministry of Information and Communications has introduced a 4-layer defense model. Accordingly, each enterprise needs 4 layers of security defense including: Specialized cyber security force, on duty regularly; Hiring an independent monitoring team to monitor; Conducting regular system scans and assessments; Connecting with national cyber security monitoring systems.