Hackers looking to profit from cyberattacks on banking-finance institutions: experts

The motivation for cyberattacks has shifted from fame or notoriety to making money, as exemplified by the recent ransomware attack against leading Vietnamese broker VNDirect Securities, experts said Tuesday.

At a seminar on cybersecurity in the stock market organized by The Investor on Tuesday, Ngo Tuan Anh, CEO of SCS Cybersecurity JSC and deputy director of the Vietnam Information Security Association (VNISA), said that cyberattacks were not a new phenomenon in Vietnam, but the one on VNDirect had attracted serious public attention and concern.

The Investor hosts a dialogue on cybersecurity in the securities sector in Hanoi, April 9, 2024. Photo by The Investor/Trong Hieu.

Anh clarified that this was a global trend not particular to Vietnam. After such attacks, victims have two choices: abandoning the attacked files or paying attackers to recover them. As the payment, via cryptocurrency, is anonymous, it is impossible to track the attackers.

Businesses should focus on prevention and efforts to reduce the impacts of attacks, Anh said. He recommended that cybersecurity projects and securities businesses allocate at least 10% of their technology budgets to security workforce, solutions and processes.

As traditional security solutions such as firewalls and shields are more vulnerable to cyberattacks, businesses should also invest in monitoring that enables early detection and reduces the impacts of cyberattacks, he said. By detecting unusual activities such as probes made by hackers, the monitoring system can help alert and/or render hackers less harmful.

Underinvestment in cybersecurity can lead to unforeseeable disadvantages, Anh argued. Another problem was underdeveloped human resources due to limited cybersecurity training and the gap between training programs and actual cybersecurity developments.

He suggested that firms use cybersecurity services of professional providers, saying the cost would be more affordable than fines and temporary removal of business licenses.

Ngo Tuan Anh, CEO of SCS Cybersecurity JSC. Photo by The Investor/Trong Hieu.

Nguyen Anh Tuan, editor-in-chief of The Investor, also remarked on the trend of profit-driven cyberattacks, especially ransomware attacks. He noted that the late March ransomware attack against VNDirect Securities had negatively impacted the firm and its customers and triggered panic among stock investors.

Nguyen Anh Tuan, editor-in-chief of The Investor. Photo by The Investor/Trong Hieu.

Tran Minh Quan, a specialist with auditing major PwC Vietnam, said a recent survey had found businesses around the world listing ransomware attacks among the top five cybersecurity risks in the next 12 months. Other potential risks include attacks via cloud computing, which is an inevitable part of businesses' digitalization process, he added.

Quan noted it is generally recommended that victims neither pay nor contact the attackers because this would only encourage the latter into launching more attacks. Besides, it is very difficult to identify mercenary attackers, he said.

Nguyen Hong Son, deputy head of the Pentest (penetration testing) division under the Information Security Center of Vietnamese telecom giant VNPT, said there was no denying cyberattacks were on the rise. The banking-finance sector is set to become a top target for hackers looking to make good money, he said, adding that new technologies like artificial intelligence (AI) and deepfakes were being used to launch subtler, more sophisticated attacks.

He also highlighted the under-developed legal framework on cybersecurity in Vietnam. For example, foreign nations require stock exchanges and public firms to submit cybersecurity reports, while Vietnam's legal framework is yet to stipulate them.

Nguyen Hong Son, deputy head of the Pentest division under Information Security Center of VNPT. Photo by The Investor/Trong Hieu.

Ngo Minh Hieu, founder of anti-fraud site chongluadao.vn, said there were 29,000 frauds reported in the first quarter of 2024, including 11,000 in March, marking significant growth over the last four years.

A common plot is the phishing attack. Compromised victims are manipulated and attracted to fake prizes and rewards, giving dozens of billions of VND to attackers, he said. (VND1 billion is equivalent to $40,060).

Ngo Minh Hieu also suggested securities investors should spend more time checking and verifying information to avoid fraud.

Ngo Minh Hieu, founder of chongluadao.vn. Photo by The Investor/Trong Hieu. 

Le Cong Phu, deputy head of the Vietnam Computer Emergency Response Teams (VNCERT), the Ministry of Information and Communications, stressed that underinvestment in cybersecurity staff was a serious problem in Vietnam. The country's projects on training cybersecurity staff were outpaced by demand. Besides, many firms were opting to hire cybersecurity staff instead of building their own systems and training their own staff.

Amid securities firms' inability to follow cybersecurity requirements per the government's Decree 85/2016, the VNCERT has requested all securities businesses to review and report their cybersecurity status by April 15, per the four-layer defense model, Phu said.

Currently, per Decree 15/2020 on fines for telecommunications violations, the penalties are light and firms have bigger concerns related to their damaged reputation, rather than fines for unfulfilled cybersecurity systems, he added.

Le Cong Phu, vice head of the Vietnam Computer Emergency Response Teams (VNCERT). Photo by The Investor/Trong Hieu.

Quan and Phu also said the current legal framework was underdeveloped regarding compensation for victims. However, it is expected that securities firms will take due steps to retain customers to stay competitive, they said.

Nguyen Anh Tuan, deputy director of the National Population Database Center under the Ministry of Public Security’s Police Department for Administrative Management of Social Order, said the ministry was cooperating with the State Securities Commission to synchronize data of citizens and stock market participants, aiming to enhance the market’s operations. However, this move is not aimed at enhancing cybersecurity, he clarified. 

Nguyen Anh Tuan, deputy director of the National Population Database Center under the Ministry of Public Security’s Police Department for Administrative Management of Social Order. Photo by The Investor/Trong Hieu.

Even as Vietnam targets the upgrade of its stock market status, concerns have been raised about system security and information safety. Vietnamese securities stocks dropped sharply on the afternoon of March 25 after leading brokerage house VNDirect Securities said it had not been able to recover from a cyberattack that paralyzed its electronic platforms.

The mishap forced both the Ho Chi Minh and Hanoi stock exchanges to disconnect from VNDirect.

A day later, the State Securities Commission (SSC), Vietnam’s stock market watchdog, instructed securities companies to enhance their cybersecurity.

A week after the incident, VNDirect Securities JSC was allowed to resume its connections to the Ho Chi Minh and Hanoi stock exchanges. VNDirect is the third-largest securities broker on the Ho Chi Minh Stock Exchange (HoSE), managing financial assets of VND83,305 billion ($3.34 billion).

On April 2, PVOIL, a subsidiary of state-run giant Petrovietnam, said it was attacked by hackers, causing its website, email, payment application and electronic invoices to shut down. The firm's general director Doan Van Nhuom said it will take the company 1-2 days to fix the problem.

Meanwhile, cyberspace monitoring by the Ministry of Information and Communications has detected several ransomware attacks and urged businesses and organizations to enhance their cybersecurity.

On April 7, Prime Minister Pham Minh Chinh issued a directive that instructed ministries and local authorities to boost cybersecurity.