Vietnam cyber security overview in 2022 and predictions for 2023
09:25:00 | 22-12-2022

In 2022, the damage caused by computer viruses to Vietnamese users was 21.2 trillion dong (equivalent to 883 million USD). For the first time in more than 10 years, Bkav's statistics show that the recorded damage is lower than in previous years. This is the result of the cyber security assessment for individual users conducted by Bkav Corporation in December 2022.

Globally, cybercrime has cost the world more than USD 1 trillion per year, or 1.18% of global GDP. The loss of USD 883 million (equivalent to 0.24% of Vietnam’s GDP) is low in comparison to the rest of the world. Along with that, Vietnam has risen 25 places in the GCI global cybersecurity index, reflecting the efforts of the government and the domestic cybersecurity community.

However, the 2022 cybersecurity landscape in Vietnam still has hot spots of concern: account-stealing malware has been able to “penetrate” 2-factor authentication; the number of computers infected with APT malware is high; ransomware has redirected its attacks to servers; online financial scams are booming; Vietnam has up to 6.8 million users participating in the cryptocurrency market, which holds potential but also poses challenges, and so on.

The number of Vietnamese computers infected with 5 popular types of malware in 2022

180,000 computers in organizations infected with APT malware

According to Bkav's statistics, 180,000 computers in Vietnamese agencies and organizations have been infected with APT malware in the past year. The main distribution route is still email with content that entices or urges recipients to open attachments. The malware is activated as soon as the user opens the file and then operates silently on the victim’s computer: installing other component modules for remote control, stealing data, escalating privileges, using the device to penetrate deeper into the systems of agencies and organizations, and so on.

To bypass security systems, the malware uses many sophisticated techniques, such as DLL side-loading (hiding under system software and well-known software such as Google, Office, and antivirus software), fileless execution, being programmed in different languages, exploiting vulnerabilities (CVEs), bootkits, rootkits, etc.

Account-stealing malware can 'penetrate' 2-factor authentication

If you think accounts with 2-factor authentication are absolutely safe, you are wrong: that is not the case against PasswordStealer. This malware has infected more than 525,000 computers in Vietnam in the past year, with more than 15,000 variants, stealing and hijacking victims’ Facebook, Gmail, bank, and e-wallet accounts, etc.

To bypass 2-factor authentication, hackers first use the stolen cookies to log into the account. Next, they use passwords to authenticate and perform a series of operations such as changing phone numbers and recovery emails, setting new passwords, and logging out of other devices to take over the account.
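The takeover sequence described above leaves a recognizable trail in an account audit log. The following detection sketch is an added example, not Bkav's code; the event names, the log schema, the 30-minute window, and the two-action threshold are all assumptions chosen for illustration, and the log lines are constructed.

```python
from datetime import datetime, timedelta

# Account changes named in the takeover sequence described above.
TAKEOVER_ACTIONS = {"change_phone", "change_recovery_email",
                    "set_password", "logout_other_devices"}
WINDOW = timedelta(minutes=30)  # assumed correlation window
MIN_ACTIONS = 2                 # assumed alert threshold

# Constructed audit events: (timestamp, account, session_id, device_id, event)
SAMPLE_EVENTS = [
    ("2022-11-03T08:00:00", "alice", "s-100", "dev-A", "login_2fa_ok"),
    ("2022-11-03T08:05:00", "alice", "s-100", "dev-A", "view_inbox"),
    ("2022-11-03T21:40:00", "alice", "s-100", "dev-X", "view_inbox"),
    ("2022-11-03T21:41:00", "alice", "s-100", "dev-X", "password_reauth_ok"),
    ("2022-11-03T21:42:00", "alice", "s-100", "dev-X", "change_recovery_email"),
    ("2022-11-03T21:43:00", "alice", "s-100", "dev-X", "change_phone"),
    ("2022-11-03T21:44:00", "alice", "s-100", "dev-X", "set_password"),
    ("2022-11-03T21:45:00", "alice", "s-100", "dev-X", "logout_other_devices"),
    ("2022-11-04T09:00:00", "bob", "s-200", "dev-B", "login_2fa_ok"),
    ("2022-11-04T09:10:00", "bob", "s-200", "dev-B", "set_password"),
]

def detect_cookie_replay_takeover(events):
    """Flag sessions whose cookie shows up on a device that never completed
    the 2FA login and is then used to change recovery settings."""
    origin = {}  # session_id -> device that completed the 2FA login
    hits = {}    # (session_id, device) -> alert record being built
    for ts, account, sid, device, event in sorted(events):
        if event == "login_2fa_ok":
            origin[sid] = device
            continue
        if sid not in origin or device == origin[sid]:
            continue  # login not observed, or still the original device
        rec = hits.setdefault((sid, device), {
            "account": account, "session": sid, "device": device,
            "first_seen": ts, "actions": []})
        age = datetime.fromisoformat(ts) - datetime.fromisoformat(rec["first_seen"])
        if event in TAKEOVER_ACTIONS and age <= WINDOW:
            rec["actions"].append(event)
    return [r for r in hits.values() if len(r["actions"]) >= MIN_ACTIONS]

if __name__ == "__main__":
    for alert in detect_cookie_replay_takeover(SAMPLE_EVENTS):
        print(alert)
```

A service that binds session cookies to the device that completed 2-factor authentication and requires a fresh second factor before recovery settings change removes the gap this rule watches for.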

PasswordStealer primarily spreads through cracked and fake software. However, Bkav’s survey shows that 14% of users still choose to install software from any source found via Google instead of looking for an official source such as a manufacturer's website or a reliable software repository. 21% of users are not in the habit of checking for viruses before opening files from the Internet. These are alarming numbers, leading to a high risk of being infected with this malware.

Macro – a dangerous 'way-paving' malware

The popularity of text files and the perception that these files are less dangerous are the two main reasons for the outbreak of Macro malware in 2022: more than 1.5 million computers of Vietnamese users were infected with this malware. After entering the computer, the malware collects information, installs other malicious code, and, in particular, infects other document files in order to spread further.

The second-leading cause of infections in the past year was the FileStealer malware, which infected 750,000 computers. This huge number of infections is due to the combination of spreading via USB and impersonating the icons of PDF and MS Office software, making users mistake the malicious code for document files and open them. Once FileStealer is running, it searches for and uploads all .doc, .docx, .xls, .xlsx, and .pdf files to the hacker's server.

Ransomware redirects attacks to servers

In 2022, Bkav experts recorded a large-scale ransomware attack campaign, targeting servers containing accounting data.

While fewer than 1,000 servers were infected with ransomware in 2021, 2022 recorded more than 14,500 computers, according to Bkav’s statistics. In particular, an attack campaign targeting servers containing accounting data, which began in April 2022 and is still ongoing, has infiltrated 1,355 servers.

Mr. Nguyen Tien Dat - General Director in charge of AntiMalware of Bkav said: “The server is a place to store important data of agencies, organizations, and businesses, as well as a place to publicize services on the Internet, so hackers can more easily access it. Along with that, the expectation of financial gain from ransom encryption is the reason why this malware has spiked recently”.

Bkav's survey shows that 40% of Vietnamese users either do not back up data or do it incorrectly (back up to another drive on the same computer). This causes significant damage when a ransomware attack occurs, making data recovery impossible.

To reduce the risk, Bkav recommends that users regularly back up important data and store it in another place, such as a USB drive or external hard drive, another computer, or cloud storage (like Google Drive, OneDrive, iCloud, etc.). Users should also install antivirus software with ransomware prevention for automatic protection.

Booming online financial scams

Over the past year, many people have become victims of online financial scams. Examples include the loss of 2.1 billion VND from an account due to a SIM upgrade scam (in Ho Chi Minh City) and the loss of more than 5.5 billion VND after answering a phone call and following the requests of a fake police officer (in Hanoi).

In addition to the two forms mentioned above, scammers also "create" many scenarios to lure users into traps, such as depositing money to do "online tasks", impersonating relatives to request money transfers, impersonating authorities to report traffic violations, and so on.

The hackers’ "carpeting" strategy and increasingly sophisticated tricks mean that users can become victims with just a little carelessness. According to Bkav’s statistics, 3 out of 4 Vietnamese users receive online financial fraud messages and calls.

Faking SMS Brandname messages from banking and financial institutions was also favored by hackers in 2022. According to Bkav’s survey results, more than half of Vietnamese users are bothered by these messages. Thanks to the improvement in users’ cyber security awareness, the number of people following the requests in fake messages stands at only 5.7% (according to Bkav's report), but this is still “fatty bait” for hackers.

To avoid falling victim to these phishing campaigns, users are advised to verify information on the organization’s official website. Do not rush to make transactions via addresses, phone numbers, or emails received in the same Brandname message.

6.8 million participants in the cryptocurrency market – Challenging but also potential

According to Bkav’s statistics, Vietnam currently has 6.8 million participants in the cryptocurrency market, placing it among the countries with the highest number of participants in the world. This carries many potential security risks, because this is a new, incomplete market that is unrecognized in many countries, including Vietnam. According to Bkav’s survey, 49% of domestic cryptocurrency investors do not have a full understanding but "play" by following the crowd or their friends.

Mr. Nguyen Van Cuong - General Director in charge of Cybersecurity of Bkav said: “The issue of cryptocurrency security is quite complicated, from the risk of being manipulated by public opinion, the price control of issuers by algorithms, the fraud control mechanisms of exchanges and issuers, to cyberattacks by hacker groups, and so on. Users should be fully equipped with knowledge, especially paying attention to audit information when participating in this market. This is important information, but not many users are interested in it.”

Cryptocurrencies are built on Blockchain technology, consensus mechanisms, and finite algorithms. These coins, like Luna and UST, can be manipulated or controlled by the issuer or by algorithms, resulting in their collapse. Because their value rests on 'trust', they can also easily collapse in response to public information, as in the collapse of the FTX exchange. Notable cryptocurrency attacks in 2022 include the attack on Wormhole (February 2022), causing a loss of 325 million USD; the Ronin Network attack (March 2022), causing a loss of 625 million USD; and the attack on Binance (October 2022), causing a loss of 570 million USD.

However, the large number of domestic users willing to enter this brand-new market shows Vietnam's potential to lead the cryptocurrency sector in the future. In fact, in recent years there have been many Vietnamese projects with initial success in this market, such as Axie Infinity, Coin98, Kyber Network, etc.

Predictions for 2023

In the coming year, scams in the form of texting and calling will continue to be popular, as hackers can make money easily with deals of up to billions of dong. Although user awareness has improved, hackers will use more and more sophisticated tricks.

The attractive financial returns will also make ransomware continue to flourish in the coming year. The ransomware attack campaign that began in April 2022 (and is still ongoing) has infiltrated 1,355 servers containing accounting data. Last year, many agencies and businesses “called for help” but could not recover because they had not performed backups or had not installed proactive software to protect against attacks.

Experts predict that APT attacks for espionage purposes will increase in 2023. Bkav recommends that agencies and organizations continue to comply with, and further accelerate the implementation of, the Prime Minister's Directive 14/2018/CT-TTg “On improving the capacity of anti-malware” and Directive 14/2019/CT-TTg “On strengthening cyber safety and security to improve Vietnam’s ranking index” in order to improve the capacity and effectiveness of Vietnam's cybersecurity.