The first half of 2024 saw 46 data breaches in Vietnam, compromising approximately 13 million customer records. Cyber threats such as ransomware, information spoofing, and targeted attacks are expected to become more sophisticated and prevalent.
According to the report on information security risks in Vietnam in the first half of 2024, Viettel Threat Intelligence of Viettel Cyber Security Company (VCS) identified emerging risks that impacted organizations and businesses in the country. Notably, data breaches, personal information theft increased by 50% compared to the same period in 2023; financial fraud increased, and there was a trend of data encryption attacks demanding ransoms with a large volume of encrypted data.
3 TERABYTES OF DATA ENCRYPTED, CAUSING DAMAGES OF MORE THAN $10 MILLION
Based on the situation in the first six months, it can be observed that the predominant type of cyber attack in Vietnam recently has been ransomware, causing significant reputational and economic damage to businesses. Statistics show that as many as 56 organizations were initially victims of ransomware attacks.
Specifically, in the first half of 2024, the amount of encrypted data reached 3 terabytes, with estimated total damages exceeding $10 million. A notable example was the attack by the Lockbit group on a financial company in March this year, which caused prolonged service disruption.
There have also been other attack campaigns targeting various sectors such as retail, finance, and information technology. Lockbit has been the top malware group worldwide in terms of the number of victims in the last two years.
Since September 2023, the Lockbit and Affiliate malware have demanded a minimum ransom of 3% of the company’s annual revenue, with a possible reduction to a minimum of 1.5%. In addition to the RaaS model, Lockbit employs a double extortion model, combining data encryption and threats to publicly disclose stolen data if the victim does not pay the ransom within the specified timeframe.
Research indicates that ransomware attacks have significantly increased in number and impact as large companies and organizations have become the primary targets. Hackers often exploit various methods to spread ransomware, including phishing emails, creating fake websites, and exploiting security vulnerabilities to infiltrate target systems. Ransomware primarily targets vulnerable servers that contain critical data and offer greater opportunities for ransom.
The system recorded multiple risks of ransomware attacks on data and virtualization infrastructure of organizations and businesses in Vietnam. Attackers escalated their activities, remaining hidden in the system, and performed encryption by exploiting vulnerabilities in publicly available applications within the organization (email, website, etc.); login credentials for critical systems of organizations were also stolen…
In the first two quarters of the year, there were multiple alerts about different types of stealer malware targeting Southeast Asia and Vietnam.
Statistics for the first six months recorded 2,364 fraudulent domains targeting users and customers of large organizations in Vietnam. The number of fraudulent domains increased by 1.2 times compared to the same period in 2023. This annual increase indicates that it remains a primary trend among high-tech criminal groups in Vietnam. Additionally, Viettel Threat Intelligence also detected and warned against 496 fake websites that illegally used the brands of large organizations in Vietnam, a fourfold increase compared to the same period in 2023.
In terms of tactics, in the first half of 2024, criminal groups employed AI technology in their scam campaigns, using AI to create scam scripts and DeepFake/DeepVoice content. Some common scam methods used by cybercriminals in their attacks include credit card-related service scams; impersonating authorities to install malicious Android applications on mobile devices; and offering capital recovery and refund support scams.
Among various industries, the financial and banking sector remains the top target for scam and impersonation attacks, accounting for 71% of the total number of attacks.
COMPROMISED ACCOUNTS INCREASED BY 1.5 TIMES COMPARED TO THE SAME PERIOD IN 2023
In the first half of 2024, the number of vulnerabilities globally increased by 42% compared to the same period in 2023. Through monitoring and handling incidents, the number of detected vulnerabilities in the first six months of 2024 surged from 12,410 in 2023 to 17,648.
Of these, high and critical-level vulnerabilities accounted for 51% of all disclosed vulnerabilities in cyberspace. Viettel Threat Intelligence recorded 71 vulnerabilities in the first six months of 2024 that could potentially impact organizations and businesses in Vietnam.
Additionally, the Viettel Anti-DDoS system of VCS recorded nearly 495,000 distributed denial-of-service (DDoS) attacks, a 16% increase compared to the total number of attacks in the first six months of 2023. More than 50% of the attack volume was concentrated in February.
Notably, in the first quarter, there were multiple attacks exploiting the DNS protocol to target VCS customers in the financial sector, combined with complex Hitand-Run attacks aimed at disrupting customer services.
The increase in the number of attacks compared to the same period in 2023 was due to a change in the attack pattern. While previous DDoS attacks involved very high intensities, reaching hundreds of Gbps, and occurred less frequently, the landscape has now shifted. In the first half of 2024, Viettel Threat Intelligence recorded over 61 million compromised accounts, a 1.5-fold increase compared to the same period in 2023. The growth of attack groups stealing malware, as well as the Stealer-as-a-Service model, has led to a significant surge in the number of compromised accounts.
Experts have indicated numerous cases of compromised login information for critical and sensitive systems such as email, centralized management systems (SSO), or VPN used to access internal networks. This poses a significant risk to businesses as it could lead to system disruptions and data theft if exploited by malicious actors.
The beginning of 2024 witnessed a boom in the sale of user information, system data, and other sensitive data of large enterprises in Vietnam. The number of data breach incidents, data sharing, and trading surged in May and June. The first half of 2024 recorded 46 data breaches in Vietnam, compromising approximately 13 million customer records, 12.3GB of source code, and 16GB of data.
Data breaches can also occur due to accidental uploads to public platforms. In the first six months of 2024, Viettel Threat Intelligence detected multiple cases of data exposure, including seven high-level cases related to banking and technology fields.
Forecast of cyber attack trends for the last six months of 2024:
With the advancement of AI tools, new techniques, and high-tech crimes will likely increase with the support of AI. As a result, user attacks for illegal profits through malware will become more common and intricate. Some potential attack vectors include:
First, an increase in fileless malware attacks. Fileless malware will continue to rise due to its stealth nature. Security software struggles to detect this type of malware as it primarily resides in memory and leaves no traces on the hard drive.
Second, supply chain attacks. Attacks on supply chains will become more prevalent as attackers target service or software providers to infiltrate their customers’ systems.
Third, more sophisticated ransomware. Ransomware will remain a significant threat, with new variants capable of rapid data encryption and higher ransom demands.
Fourth, increased use of Living off the Land (LotL) techniques. Attackers will increasingly exploit legitimate tools already present on target systems to carry out malicious activities without the need for additional malware or tools.
Additionally, in the second half of 2024, scam and impersonation campaigns using the brands of large organizations in Vietnam are expected to continue to increase. Notably, there will be a rise in scams impersonating authorities to install malicious applications on mobile devices.
Over 37,000 dual ransomware attacks on Tet holiday, 83,000 people fell victim, urgent warning from experts
According to cybersecurity experts, dual ransomware is a form of attack that is highly “terrorizing” to its victims. The victims are forced to pay a ransom in order to “redeem” their data decryption key.
Finance Company Director Scams and Embezzles Over 300 Billion VND
Ha Dong District Police in Hanoi announced that the Investigation Agency has made the decision to initiate criminal proceedings against Hoang Nam (born in 1979, from Ninh Binh City, Ninh Binh Province) to investigate the crime of Fraudulent Misappropriation of Property.
US Federal Reserve Tightens Regulation of Digital Currency
Fed member banks must submit applications and receive unsupervised written approval from the Fed before issuing, holding, or transacting in cryptocurrency.
