The National Cyber Security Center (NCSC) reports weekly statistics about a variety of cyber attacks conducted against people and organizations in Vietnam. It typically publishes information about vulnerabilities, botnets, malware, phishing, and fraud. The information below is data collected and collated from NCSC [1] for May 2024, then analyzed to provide awareness, insights, and strategies for mitigation.
Vulnerabilities
Vulnerabilities are deficiencies or flaws that can be exploited by actors to conduct malicious activities [2]. Vulnerabilities can occur in hardware, software, and firmware, and are not necessarily localized to Vietnam. Many vulnerabilities captured by NCSC are common globally and come from technology organizations like Microsoft and Oracle. In May, NCSC identified 3996 vulnerabilities relevant to Vietnam [1]. To help mitigate vulnerabilities, it is best to have appropriate patching processes that provide the most up-to-date protection. Patching can be automated, manual, or hybrid. Some technology assets can be patched automatically, whereas more sensitive assets may need a manual approach with more testing to ensure the patch itself does not harm the hardware or software.
Phishing
Phishing is a form of social engineering in which an attacker claims to be a trustworthy entity in electronic communications such as email, social media, and messaging apps in order to deceive individuals into disclosing sensitive personal information [3]. According to NCSC, there were 529 phishing attacks reported. The organization identified 29 fake ecommerce websites (Shopee, Amazon, eBay, Lazada, Tiki), 50 fake banking websites (VPBank, MBBank, Phuong Dong Commercial Joint Bank, Tien Phong Commercial Joint Stock Bank), and 1 fake Vietnamese government website [1].
Zombie computers and technology
A zombie computer is a system that has been compromised and is controlled by a malicious actor. The computer is then used to perform malicious acts such as botnet and denial of service (DoS) attacks [4]. NCSC identified an average of 39,947 potential zombie computers located in Vietnam [1]. To help mitigate these, people and organizations need to continuously update and harden their systems and endpoints. In some cases, an organization needs to remove aged hardware and software that are no longer supported.
Botnets
Botnet is short for robot network [5]. Along the lines of zombie computers, you can think of a botnet as an army of zombie computers. Malicious actors gain control of infected computers and organize them remotely to conduct deviant and criminal activities [5]. NCSC identified 80 botnets that are active in Vietnam [1]. Many appear to have connections to Russia.
Malware
Malware can be any code-based malicious activity that successfully infects a host [6]. Common examples are viruses, worms, Trojan horses, spyware, and adware. NCSC noted 112 malicious software injection attacks [1]. The report does not specify what types of malware were identified. Generally, to reduce the risk of malware, people and organizations should use a variety of mitigations such as anti-virus/anti-malware software and patching.
Computer Fraud/Cyber Fraud
Computer-related fraud refers to any type of fraud using a computer [7]. I would go further and suggest cyber fraud is where fraud is conducted using any computing device or technology connected to the Internet. According to NCSC, 1029 cases of fraud were reported to the agency [1]. The acquisition of money is one of the main goals and motivations of criminals and malicious actors, and fraud is generally one of the common activities used to gain money illicitly.
Can a threat model help us understand where these activities are used by deviant and malicious actors?
Cyber Kill Chain Threat Model
The Cyber Kill Chain is a cyber threat model created by Lockheed Martin. The model has seven steps for understanding the tactics and techniques malicious actors might use. The steps are reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives [8]. Reconnaissance is a form of data collection used for a cyber attack. Phishing and vulnerabilities can be activities associated with the reconnaissance step. Weaponization is the creation of some form of attack. The development of malware and botnets can be a form of weaponization. Delivery is how the malware is distributed, which can be through phishing. Exploitation is where vulnerabilities are taken advantage of for system penetration. Installation is where malware is installed on the device or endpoint. Command and control refers to remote manipulation of victim systems. Zombie computers and botnets fall into this category. Actions on objectives refers to the actors accomplishing their goal, which in most cases is obtaining money. Fraud activities can therefore be associated with the final step of the cyber kill chain.
About the Author:
Dr. Dwight is a Lecturer and Researcher in Vietnam. His research interests focus on the intersection of business and technology, particularly around eCommerce, eCommerce cyber security and cyber security education. He spent over a decade in industry in various IT business roles and organizations before transitioning to academia. He holds multiple master’s degrees and a PhD. He also has professional certifications in project management, cloud computing, IT service management
https://www.linkedin.com/in/joshadwight/
References
[1] “An toàn trên không gian mạng - khonggianmang.vn - Trung tâm Giám sát an toàn không gian mạng quốc gia - National Cyber Security Center (NCSC),” khonggianmang.vn. https://khonggianmang.vn/
[2] S. M. Radack, “National Vulnerability Database: Helping Information Technology System Users and Developers Find Current Information about Cyber Security Vulnerabilities,” NIST, pp. 1–4, Oct. 2005, Available: https://www.nist.gov/publications/national-vulnerability-database-helping-information-technology-system-users-and
[3] K. Stouffer, “Guide to Operational Technology (OT) Security,” Jan. 2023, doi: https://doi.org/10.6028/nist.sp.800-82r3.
[4] UN ESCWA, “Zombie computer,” United Nations Economic and Social Commission for Western Asia, 2014. https://www.unescwa.org/sd-glossary/zombie-computer (accessed Jun. 01, 2024).
[5] C. C. Editor, “Botnet - Glossary | CSRC,” csrc.nist.gov. https://csrc.nist.gov/glossary/term/botnet
[6] P. Cichonski, T. Millar, T. Grance, and K. Scarfone, “Computer security incident handling guide,” Computer Security Incident Handling Guide, vol. 2, no. 2, Aug. 2012, doi: https://doi.org/10.6028/nist.sp.800-61r2.
[7] S. P. Rajagopalan, “Computer Frauds and How To Prevent Them | Office of Justice Programs,” www.ojp.gov. https://www.ojp.gov/ncjrs/virtual-library/abstracts/computer-frauds-and-how-prevent-them
[8] Lockheed Martin, “Cyber Kill Chain,” Lockheed Martin, 2024. https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html