Viet Nam Internet users face the highest risk of local malware infection in the world, according to figures presented by Vietnam Computer Emergency Response Team (VNCERT) at the recent Ho Chi Minh City 2017 FIRST Technical Colloquia (TC), held during APRICOT 2017.
Over 50% of Viet Nam’s 45+ million regular Internet users faced malware-class attacks, more than double the global average, with cyberattacks in Viet Nam increasing four-fold in 2016.
Website defacement, phishing, ransomware, and advanced persistent threats (APTs) are among the most common forms of attacks, said VNCERT Security Engineer Nam Tran Phuong.
APTs are a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time.
Nam Tran Phuong said the intention of such attacks is to steal data rather than causing damage to the network or organization. He highlighted last year’s APT attack on Vietnam Airlines, where the airline’s customer database was stolen and made public after having reportedly being hacked as early as 2014.
In an effort to kerb the economy’s high risk of cyberattacks, Viet Nam’s lawmakers ratified a cyber information security law in 2015, including regulations on preventing and fighting online terrorism.
Vietnam Computer Emergency Response Team (VNCERT) have also been focusing on building attack detection awareness, which Nam Tran Phuong said includes the need for diligent network and log analysis, and end point protection.
Nam Tran Phuong also said developing such awareness has its challenges but VNCERT is hopeful the training they have undertaken with government and enterprise network engineers will start to reduce these attacks and other cyber risks.
CERT and security community share their lessons
Around 50 people attended the one-day FIRST TC cybersecurity event, which provided a forum for attendees and presenters to share information about vulnerabilities, incidents, tools and other issues that affect the operation of incident response and security teams.
CNCERT/CC (China), JPCERT/CC (Japan) and KrCERT/CC (Korea) presented through the day, sharing case studies of intelligence gathering and mitigation programs they have been enacting, including:
- A website analysis tool, developed by JPCERT, to facilitate information sharing about defaced websites with administrators and ISPs in a safe, secure environment
- A series of national cybersecurity drills developed for government in South Korea to practice responding to APT and DDoS attacks
This guy says he extended the drill in 2016 to a full scenario, including cross-organisation attacks. #apricot2017 pic.twitter.com/NRcrKvHOE6
— Stilgherrian (@stilgherrian) February 26, 2017
- A program to identify and remove malware from third-party app stores, mobile ad platforms and SaaS cloud platforms in China – in the past four years, CNCERT/CC have detected and removed over 96,000 samples of malware.
On the final point, CNCERT/CC are developing a whitelist certification between developers, app stores and anti-virus vendors, and plan on working with the mobile app industry to develop stores that give higher priority to certified apps to encourage developers to apply for certification.
Efforts made by these and other CERTs in the Asia Pacific region, as well as their willingness to share such information and tools, are vital for the health and security of the Internet. Thanks to everyone who participated at the meeting and I look forward to seeing you again at the next APNIC-supported FIRST Regional Symposia event in Taichung, Taiwan.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.
great report for security in internet! thanks your team!
happy VNCERT and Tran Phuong Nam! thanks for share