Appearing in late 2010, advanced persistent threat (APT) attacks have consistently been named one of the top threats to information safety and security. With sophisticated and changing attack methods, they have caused major losses.
More than 27% of APT attacks in Vietnam have targeted Government agencies, followed by financial-banking organisations and telecoms businesses with huge amounts of customer data. Meanwhile, 80 – 90% of the malware used in those attacks was specifically designed for each target, according to the Authority of Information Security (AIS) under the Ministry of Information and Communications (MIC).
Preventing APT attacks is still challenging despite the billions of USD organisations and businesses spend each year on this work, the AIS said.
Statistics of the Vietnam Computer Emergency Response Team (VNCERT) show that in 2017, the country was hit by 13,382 cyber-attacks, including 6,400 malware, 4,377 defacing and 2,605 phishing attacks. As of June 25 this year, 5,179 attacks had been recorded, comprising 1,122 phishing, 3,200 defacing and 857 malware attacks.
The AIS warned that the consequences of APT attacks for the national information system were unpredictable. The attacks could undermine the economy and political system of a country “without using a single arrow or bullet.”
MIC Deputy Minister Nguyen Thanh Hung said to respond to cyber-attacks, many units specialising in cyber information safety have ran cyber security drills with the VNCERT.
The AIS itself has held many exercises on ensuring information safety in fields like transport, health care, electricity, business and finance to improve organisations’ readiness to handle cyber incidents.
All units should be aware of the benefits of ensuring information safety so as to make appropriate investments in this issue. Information safety risks, especially those for businesses, could cost not only money but also the existence of agencies, Hung said.
Nguyen Thanh Lam, head of the telecom and IT division of the Electricity of Vietnam (EVN) Group, said the EVN has always paid attention to cyber security, adding that exercises can help organisations and businesses realise risks for cyber security. To deal with cyber incidents, it is necessary to build as many attack scenarios as possible and prepare responses for those scenarios, the official stressed.