In May 2023, a total of 695 cyberattacks on information systems occurred in the country. According to the Authority of Information Security (AIS), the number of cyberattack incidents in the first five months of the year amounted to 4,639, indicating a 15% decrease compared to the corresponding period last year, which was 5,463.
The National Cyber Security Centre (NCSC) operating under AIS observed and guided the handling of the 695 cyberattacks. The figure represented a significant increase of 39.6% compared to April while showing a decrease of 17.9 % in comparison to May 2022.
In a May report on the implementation of Resolution 17 concerning the development of e-government, the Ministry of Information and Communications (MIC) highlighted that one of the notable deficiencies was the inadequate network safety and cybersecurity measures in several locations.
Regarding vulnerabilities and information security gaps in the systems of state agencies, the NCSC’s system identified a total of 52,077 vulnerabilities in the first four months of 2023. In April 2023 alone, the number of recognised vulnerabilities exceeded 39,300. Some flaws have been exploited by hackers to conduct APTs (advanced persistent threats).
Experts advise system administrators to conduct regular comprehensive reviews of their systems and ensure that all vulnerability patches are fully updated. By regularly updating these patches, system administrators can close security gaps and minimise the risk of exploitation. Additionally, it is recommended to develop 24/7 monitoring plans to detect any potential cyberattacks promptly.
To enhance network information security, MIC will persist in strengthening supervision over information systems. It will proactively scan Vietnam’s cyberspace, compile comprehensive statistics, and raise awareness through mass media channels by promoting propaganda and issuing warnings to educate users about potential risks. Additionally, MIC will implement measures to prevent incidents and mitigate vulnerabilities to ensure a secure network environment.
It will continue issuing documents to alert ministries, branches, localities, and members regarding incident response networks. This aims to keep them engaged in assessing vulnerabilities and monitoring indicators of potential cyberattacks. By emphasising continuous vigilance, MIC seeks to enhance preparedness and response capabilities across various entities to mitigate the impacts of cyber threats.
During the initial months of 2023, the Chief Technology Officer of the National Cybersecurity Agency (NCS) uncovered instances where hacker groups infiltrated websites belonging to state agencies and education units and inserted ads related to gambling and betting. The hackers carried out attacks through basic holes, mostly SQL Injection, thus hijacking servers and inserting ad codes and search engine optimisation (SEO) codes for betting and gambling websites.
The Deputy Director of the Department of Cyber Security and Hi-tech Crime Prevention, under the Ministry of Public Security, said that attacking to exploit security holes to gain control and steal data from agencies and organisations is a prominent activity and one of the four common trends of cybercriminals.
Recently, OpenGov Asia reported that NCSC issued a warning regarding an increasingly serious scam involving the utilisation of deepfake technology to capture the movements and voices of unsuspecting victims for fraudulent purposes. This manipulation has resulted in financial losses for numerous individuals. It is anticipated that this artificial intelligence (AI)-based deception will evolve further in the future, becoming even more sophisticated and deceptive.