Securities, banking accounts among 97,000 compromised this year: report

By Luu Quy   September 13, 2021 | 08:40 pm PT
Securities, banking accounts among 97,000 compromised this year: report
A man makes stock transactions at an office in HCMC's District 1, 2020. Photo by VnExpress/Quynh Tran
Around 97,000 network accounts including baking and securities accounts of high value have been compromised in Vietnam so far this year, a cyber-security firm says.

The exposure of these accounts has been recorded by the Threat Intelligence division of Viettel Cyber Security, the firm's director Nguyen Son Hai said at a recent online forum on IT leadership and information security.

He said his firm has detected 16 large-scale data leaks in Vietnam, twice as many as last year, and found that 97,000 accounts in various fields including social networks, banking and securities had being exposed.

"Around 2,000 exposed accounts are in the banking and securities sectors. Among these, there is a bank account with a balance of VND5 billion ($220,300) and a securities account with a value of VND30 billion," Hai said.

Trinh Hong Ha, Deputy Director of the Information Technology Department under the State Securities Commission, said at the meeting that a securities company has been blackmailed for money recently.

Ha said the stock market was "sensitive and complex," and faces the risk of many cyberattacks.

Currently, about 95 percent of securities transactions in Vietnam are done online and typical in this field are targeted attacks, wherein threat actors actively pursue and compromise a target entity's infrastructure while maintaining anonymity; and hijacking of accounts, in which criminals obtain the personal banking information and use it to take over the real owners' bank accounts.

The risk of cyberattacks in Vietnam has increased in the context of the pandemic as many companies and organizations have switched to work remotely and depended more on online platforms.

Tran Quang Hung, Director of the National Cyber Security Monitoring Center (NCSC), said since the fourth Covid-19 wave that started late April, the trend of online fraud has increased sharply in Vietnam.

There have been months when the center recorded and handled thousands of fraud cases in different forms, including fake bank websites, fake e-commerce floors and fraudulent calls.

Hai of Viettel Cyber Security said that in the first half of this year, the company detected 3,000 fraudulent domain names, three times higher than the same period last year.

Since the end of last year until now, the system has detected more than 1,400 domain names impersonating all banks in Vietnam, along with some e-wallets and international money transfer services, he said.

In addition to attacks targeting users, many cyberattacks have targeted agencies and organizations, including "advanced persistent threat," a stealthy threat actor which gains unauthorized access to a computer network and remains undetected for an extended period, and denial of service (DDoS) from IoT (internet of things) devices.

Hai said the problem that many companies are facing today is that the design of security systems they use does not keep up with new technologies and at the same time, many security system these days are way too complex and difficult to manage.

Hung of the NCSC proposed that three stakeholders, businesses/organizations, information security service providers, and state management agencies with experts in information security join hands to limit the risk of cyberattacks.

For example, to deal with phishing attacks to get users' information, NCSC would build a warning website where users and businesses can proactively provide information when in doubt.

On receiving the information, NCSC would process it and it would take only about 30 minutes to an hour to detect any possible threats, "which would help reduce damages a lot," said Hung.

go to top