Many official websites of government agencies in Vietnam are at risk over a lack of measures to protect critical platforms from cyberattacks.
These problems make the websites more vulnerable to hackers who can take control and steal sensitive data or documents, circulate fake news, or distort information in some way.
According to the research of Tuoi Tre (Youth) newspaper, a number of government websites have been manipulated.
Although these websites are really important as official government platforms, they are run by administrators who take on different roles at the same time.
Gambling advertisements displayed widely
A Google search for some keywords related to gambling will return many results, including many from websites with the government domain ‘gov.vn.’
A case in point is an advertisement for a gambling service called Dk8 on the website of the Department of Science and Technology in Binh Phuoc Province.
Once the website is fully loaded, a pop-up advertisement appears on the screen saying, ‘Register an account to double the gifts… Give billions of cash gifts regardless of new or old accounts.’
As observed by Tuoi Tre reporters, many advertisements promote popular gambling services such as online casinos, sports, lottery, fishing games, 3D board games, and more.
Many of them provide users with links to download the games to their devices.
The same content has also appeared on the websites of the Vietnam Fatherland Front Committee of Nam Dinh Province (ubmttq.namdinh.gov.vn), the Nam Dinh Province Women’s Union (phunu.namdinh.gov.vn), the Kon Tum Province Department of Culture, Sports, and Tourism (svhttdl.kontum.gov.vn), and others.
Some websites operated by government agencies displayed in the search function contain advertisements for gambling.
This situation has been known for many years but no effective measures have been taken to end it.
According to a March cybersecurity technology review issued by the Information Security Department under the Ministry of Information and Communications, some 788,982 IP addresses of Vietname were reported in the botnet, which is a network of hijacked computers and devices infected with bot malware and remotely controlled by one or more hackers.
Among them are some 295 IP addresses belonging to government agencies, including 27 IP addresses from ministries and 268 IP addresses from provinces.
Also in March this year, the National Center for Cybersecurity discovered as many as 1,258 vulnerabilities or cybersecurity holes in the information network of government agencies’ systems.
Remarkably, many of these vulnerabilities were exploited by a few cyberattack hacker groups to conduct advanced persistent attacks (APT). An advanced persistent attack (APT) uses continuous and sophisticated hacking techniques to gain access to a system and remain in it for an extended period of time, with potentially destructive consequences.
|People gather around a laptop at a coffee shop in Ho Chi Minh City, Vietnam. Photo: Quang Dinh|
Companies suffer major losses
Vu, whose name has been changed for privacy reasons, is an administrator for a company’s information system, and has just been fired for “causing serious damage to the entrepreneur.”
The company’s network, previously controlled by Vu, was attacked by ransomware, which resulted in many computers being removed from control.
The company lost all of its business data as a result, including that of its partners and customers.
On some forums on the dark web, it is easy for anyone to get hold of data offers, which are lists of customers of stock exchange operators, shopping malls or real estate projects along with their personal and sensitive information.
It is said that the data was offered for sale on the dark web because it was given by an employee of the company or a hacker who had carried out a successful attack.
According to Viettel Cyber Security, there are a total of 35 data offers on the Internet in 2021, with the data coming from government agencies.
It is extremely worrying to know that there are some data breaches that involve tens of millions of users.
Despite the enormous damage, some cybersecurity experts believe this is just the tip of the iceberg.
“A hacker once offered to sell sensitive data to the board of a major corporation in Vietnam, including emails about business strategies and decisions,” one security expert revealed.
In addition to the direct damage caused by cyberattacks, companies targeted by cybercriminals face huge losses after information about the attacks became public.
In security company Kaspersky’s recent report on a secure path for the future of digital payments in the Asia-Pacific region, nearly 42 percent of users said that they would not buy goods from sellers who were victims of cyberattacks or data breaches.
At the same time, about two-fifths of the users chose to make online payments with digital service providers that have never been associated with data breaches.
Not taking cybersecurity seriously enough
Several experts believe that while many business owners take advantage of websites to sell goods, they still do not pay enough attention to protecting their systems.
Many companies fail to have their websites regularly checked for vulnerabilities, nor do they take deep measures to protect their data.
This is one of the reasons why so many websites are becoming really prone to cyberattacks, even simple tricks.
Nguyen Minh Duc, founder and CEO of cybersecurity firm CyRadar, said many companies do not consider data security a critical issue.
They do not know when attacks will happen and how to respond appropriately because they are not prepared for such incidents in advance, Duc added.
For this reason, companies may suffer more damage from the attacks, the expert warned.
Regarding government websites, some experts pointed out negative aspects: there is no official standard for their structure and the security of information.
“Most of the provincial ‘gov’ end-domain websites are run by an unofficial administrator, who is often just a sideline,” said one expert, who preferred to stay anonymous.
“Many of these sites use a common code source, which means that if a hacker can take control of one site, they could take over the others.”
Raising the flag for Vietnam’s cybersecurity
According to Vietnamese security software company BKAV’s report on the cybersecurity situation in Vietnam in 2021, about 70.7 million computers were infected with a virus.
In particular, the number of attacks using a virus to encrypt sensitive documents was 2.5 million in 2021, 4.5 times higher than the number of cases in 2020.
BKAV noted that most Vietnamese users do not know how to cope with when their computer is compromised by a virus.
A survey conducted by BKAV showed that more than 99 percent of the participants said they chose to pay money to recover their data from hackers.
But they could not get the lost data back after all, the company said.
“About 10 percent of computers in Vietnam have anti-virus software that updates automatically and is supported by the provider,” said Vu Ngoc Son, deputy head of BKAV’s anti-malware department.
“This is too low a number to create ‘community immunity.'”