Forecast of cyber attack trends in the last 6 months of 2024

With the growing trend of AI tools, new techniques and high-tech crimes will tend to increase thanks to the powerful support of AI.

Increasing ransomware attacks on organizations and businesses

In the first 6 months of 2024, the Viettel Threat Intelligence system of Viettel Cyber Security Company (VCS) recorded many information security risks affecting organizations and enterprises in Vietnam, notably the trend of data-encryption attacks demanding ransom, with the amount of encrypted data reaching up to 3 Terabytes.

Based on the situation in the first 6 months of the year, the main type of cyber attack taking place in Vietnam recently is the ransomware attack, causing a lot of damage to businesses both reputationally and economically.

Specifically, in the first half of 2024, the amount of data encrypted in attacks reached 3 Terabytes, with a total estimated loss of more than 10 million USD. A typical example is the attack by the Lockbit group on a financial company in March this year, causing a long-term service disruption.

Notable ransomware attacks in the first half of 2024 were recorded by Viettel Threat Intelligence.

In addition, there were many other attack campaigns against targets across many fields such as retail, finance and information technology. In particular, Lockbit is the malware group with the leading number of victims worldwide in the past 2 years.

As of September 2023, Lockbit and its affiliates demand a minimum ransom of 3% of the company’s annual revenue, with a minimum of 1.5%. In addition to the RaaS (Ransomware-as-a-Service) model, Lockbit uses a double-extortion model: it encrypts data and simultaneously threatens to publicly release the stolen data. If the victim does not pay within the required time period, the data is pushed to the malware group’s public website.

Ransomware attacks have shown signs of increasing in number and impact as large companies and organizations become the most targeted. Hackers often take advantage of many methods to spread ransomware, including phishing emails, creating fake websites, and using security vulnerabilities to infiltrate target systems.

Timely prevention and containment of ransomware attacks plays an important role in protecting information security for organizations, limiting serious losses to digital assets and network infrastructure.

In addition, in the first and second quarters, there were multiple warnings about different types of Stealer malware targeting Southeast Asia and Vietnam. Common Stealer malware reported included RisePro Stealer, Ducktail Stealer, Agniane Stealer, VietCredCare Stealer, Atomic Stealer, and Lumma Stealer. There were also warnings about new Stealer malware spreading via messaging services and PyPI packages.

Financial fraud and scams on the rise

According to statistics from Viettel Threat Intelligence, in the first 6 months of 2024, 2,364 phishing domains were recorded targeting users and customers of large organizations in Vietnam. The number of phishing domains increased 1.2 times compared to the same period in 2023. The increase in number over the years shows that this is still the main trend of high-tech crime groups in Vietnam.

Chart of statistics on the number of fraudulent and fake domain names in the first 6 months of 2023 and the first 6 months of 2024.

In addition, Viettel Threat Intelligence also detected and warned of 496 fake pages illegally using the brands of large organizations in Vietnam, a 4-fold increase compared to the same period in 2023.

In terms of form, in the first half of 2024, Viettel Threat Intelligence did not record any new forms of fraud. Instead, criminal groups applied AI technology (using AI to create fraud scenarios, using DeepFake/DeepVoice, …) in fraud campaigns. Some common forms of fraud used by cybercriminal groups in attack campaigns include: fraud impersonating credit card-related services; fraud impersonating authorities to install malicious Android applications on mobile devices; and fraud offering support for capital recovery or recovery of suspended money.

In terms of industry distribution, the finance and banking industry is still the leading group in terms of fraud and counterfeit attacks, accounting for 71% of the total number of attacks.

17,648 new vulnerabilities emerged

In the first half of 2024, the number of vulnerabilities recorded worldwide increased by 42% compared to the same period in 2023. In Vietnam, according to VCS statistics, the number of vulnerabilities detected in the first 6 months of 2024 was 17,648, up from 12,410 in 2023. Of these, high-level and severe vulnerabilities (according to CVSS score) accounted for 51% of the total number of vulnerabilities published in cyberspace.

Number of vulnerabilities discovered in the first 6 months of 2023 and the first 6 months of 2024.

Through the process of assessing and analyzing vulnerabilities, Viettel Threat Intelligence recorded 71 vulnerabilities in the first 6 months of 2024 that pose a great risk of affecting organizations and businesses in Vietnam.

Denial of service attacks increased by 16%

During the first 6 months of 2024, VCS’s Viettel Anti-DDoS system recorded a total of nearly 495,000 distributed denial of service (DDoS) attacks, an increase of 16% compared to the total number of attacks in the first 6 months of 2023. More than 50% of these attacks were concentrated in February.

In particular, in the first quarter, there were many attacks that took advantage of the DNS protocol to attack VCS customers in the financial sector, combined with complex Hit-and-Run attacks to disrupt customer services. By the second quarter of 2024, the Viettel Anti-DDoS system recorded additional attacks that took advantage of the DNS protocol mechanism to create high-bandwidth traffic streams targeting customers in the education sector. The attacks occurred with high frequency, right at the important enrollment period.

In addition, in the first quarter, there was a nearly 300Gbps attack targeting VCS customers in the electronic entertainment service sector, including individuals and businesses. Companies and corporations in fields such as information technology and government agencies are still frequent targets.

The higher number of attacks compared to the same period in 2023 is due to a change in attack patterns. In the past, DDoS attacks were very high-intensity, up to hundreds of Gbps, and not too frequent; now the DDoS game has changed.

Instead of launching a small number of extremely high-intensity attacks on a scanned IP, hackers used a form of attack called carpet bomb. This type of attack generates many medium and low-intensity attacks on all IPs in a customer’s IP range at the same time. The purpose of this type of attack is to overcome threshold-based attack protection mechanisms, while still having the ability to cause congestion because the total capacity of small attacks on each IP can reach tens or hundreds of Gbps.
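The detection gap described above, as an added example (not code from the article or from the Viettel Anti-DDoS system): a per-IP threshold check next to a per-prefix aggregate check, run over constructed traffic samples. The thresholds, the /24 grouping and the addresses (documentation ranges) are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed values for illustration; real thresholds come from baselining.
PER_IP_THRESHOLD_MBPS = 1000    # classic per-destination alarm level
PREFIX_THRESHOLD_MBPS = 20000   # aggregate alarm level for one customer /24
BASELINE_MBPS = 5               # per-IP rate considered normal
MIN_TARGET_FRACTION = 0.8       # share of the prefix hit at the same time


def per_ip_alerts(samples):
    """Threshold check per destination IP, the mechanism carpet bombing evades."""
    return sorted(ip for ip, mbps in samples.items() if mbps > PER_IP_THRESHOLD_MBPS)


def carpet_bomb_alerts(samples, prefix_len=24):
    """Sum traffic per prefix and flag floods spread across most of its addresses."""
    by_prefix = defaultdict(dict)
    for ip, mbps in samples.items():
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        by_prefix[net][ip] = mbps
    alerts = []
    for net, hosts in by_prefix.items():
        total = sum(hosts.values())
        hit = sum(1 for mbps in hosts.values() if mbps > BASELINE_MBPS)
        fraction = hit / net.num_addresses
        if total > PREFIX_THRESHOLD_MBPS and fraction >= MIN_TARGET_FRACTION:
            alerts.append((str(net), round(total), round(fraction, 2)))
    return sorted(alerts)


def build_samples():
    """Constructed Mbps-per-destination samples for one measurement interval."""
    # 203.0.113.0/24: every address receives 400 Mbps, below the per-IP limit.
    samples = {f"203.0.113.{i}": 400.0 for i in range(256)}
    # 198.51.100.0/24: normal traffic plus one busy server above the per-IP limit.
    samples.update({f"198.51.100.{i}": 2.0 for i in range(256)})
    samples["198.51.100.10"] = 1500.0
    return samples


if __name__ == "__main__":
    data = build_samples()
    print("per-IP alerts:", per_ip_alerts(data))
    print("carpet-bomb alerts:", carpet_bomb_alerts(data))
```

The per-IP check raises an alert only for the single busy server, while the aggregate check surfaces the /24 that is absorbing roughly 100 Gbps in total.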

More than 61 million accounts exposed, data leaked

In the first half of 2024, Viettel Threat Intelligence recorded more than 61 million exposed accounts, an increase of 1.5 times compared to the same period in 2023. The growth of attack groups using Stealer malware, as well as the Stealer-as-a-Service model, led to a sharp increase in the number of exposed accounts.

The beginning of 2024 witnessed an explosion in the sale of user information, system data and many sensitive data of large enterprises in Vietnam. The number of cases of selling and sharing sensitive data skyrocketed in May and June. The first half of 2024 recorded 46 data leaks in Vietnam with about 13 million customer data records, 12.3GB of source code, 16GB of data

Forecasting cyber attack trends in the last 6 months of 2024

With the growing trend of AI tools, new techniques and high-tech crimes will tend to increase thanks to the effective support of AI. As a result, attacks on users that use malware for illegal profit will become much more common and complicated. In particular, many attack paths targeting users will tend to.

First is the rise of fileless malware attacks. Fileless malware will continue to increase, due to its difficulty in detection. Security software has a hard time detecting this type of malware because it operates primarily in memory and leaves no trace on disk.

The second is supply chain attacks. Supply chain attacks will become more common as attackers target service or software providers to gain access to their customers’ systems.

Third, ransomware is becoming increasingly sophisticated. Ransomware will continue to be a major threat with the emergence of new variants that can encrypt data quickly and demand higher ransoms.

Fourth is the increased use of Living off the Land (LotL) techniques. This technique is used more and more when attackers take advantage of legitimate tools available on the target system to perform malicious actions without downloading additional tools or malware.

On the other hand, it is forecast that in the second half of 2024, phishing and impersonation campaigns using the brands of large organizations in Vietnam will continue to increase, especially fraud impersonating authorities to install malicious applications on mobile devices.

6 recommendations for organizations and businesses

To ensure that the production and business activities of enterprises and organizations continue without interruption and to minimize information security risks, Viettel Threat Intelligence offers the following 6 recommendations:

First is to review the process and system of managing customer data and internal data for cases of data leakage and trading.

Second is to provide early warning to individual customers about leaked business service accounts and user fraud campaigns.

Third is to proactively scan the system for signs of intrusion, detect and respond early to targeted attack groups.

Fourth is to review and upgrade versions of software and applications that contain serious security vulnerabilities.

Fifth is to use anti-DDoS attack services to ensure the availability and security of the organization’s IT infrastructure.

Sixth is to continuously supplement and update knowledge for protection solutions from open or commercial sources to ensure information security.
