Jul 10, 2014 / 14:02

Government agencies warn about increased cyberattacks

The Hanoitimes - The number of cyberattacks on Vietnamese websites, especially government agencies’ websites with “gov.vn” domain name, has been increasing.

The Vietnam Computer Emergency Response Team (VNCERT), in its report about information security in the first half of the year, said that it found 405 phishing cases from December 30, 2013 to June 10, 2014, of which 250 cases were settled. 
It also found 648 deface attacks, including 72 cases targeting national organizations’ and agencies’ websites. Of these, VNCERT fixed 34 cases related to the websites with domain name “gov.vn” and 281 cases related to other domain names.
There were 345 malware attacks, of which 147 were settled. The response team gave warnings to 2,117 IP addresses belonging to state agencies which suffered from botnet.
The VNCERT’s report also pointed out that in May 2014 alone, there were 989 attacks from foreign sources, including 541 attacks carried out by Chinese hackers. Sixteen Vietnamese victims were state agencies and organizations.
Most recently, ESET, an internet security firm, reported that the website of the Ministry of Natural Resources and the Environment (MONRE) at www.monre.gov.vn was hacked and important information was stolen.
ESET believed that the hackers attacked the website with “spear-phishing”, a form of phishing through emails, but targeting certain objects.
The hackers seemed to know well that the officers of the ministry used webmail to check mails and therefore, they had to download attacked files to their computers to read the document files. When officers opened the downloaded files, an embedded code exploited holes to install “payload.exe”, a malicious code, into the MONRE’s information system.
Vu Quoc Thanh, Deputy Chair and Secretary General of the Vietnam Information Security Association (VNISA), confirmed the high percentage of state agencies’ websites with security holes.
A VNISA survey in 2013 found that 78 percent of state agencies’ websites had serious security holes. The survey, carried out on 100 randomly chosen state agencies’ websites, found 35 security holes on average on every website.
According to Vo Do Thang, Director of Athena HCM City, there could be many different reasons behind the security holes on the websites.
Many source codes of the websites have been developed with out-of-date technologies with many holes.
Website administrators could also be the culprits because they did not strictly follow security procedures (using simple passwords, or not updating patch versions…).
Also, agencies use unlicensed software and apps which have malicious codes. The errors allow hackers to penetrate systems and hijack them, change the content of websites or insert malware.
The 2013 Kaspersky Lab’s report showed the increasingly high number of online attack threats worldwide. Vietnam was named as one of 10 countries that “scattered” the most malicious software.
Meanwhile, a survey by VNISA conducted in 2013 showed that Vietnamese enterprises and agencies spent 0-5 percent of total investment on information technology solutions, while experts believe that the rate should be 10-15 percent.