VietNamNet Bridge – Information security experts say the malwares penetrating into the computers at state agencies always aim to deliberate attacks, therefore, they can easily beat popular anti-virus software products, while general security measures have not been paid attention by the agencies.

Vu Quoc Khanh, Director of the Vietnam Computer Emergency Response Team (VNCERT) said the favorite way of the hackers when attacking enterprises and state agencies is attacking via the email systems.

Hackers would forge the email of a person and send text file (.doc, .xls) to relating people. When users open the files, the malicious codes would exploit the holes of Windows operation system to install the spyware into the users’ computers.

After that, with the assistance of the spyware, hackers would take next steps to hijack the computers, collect information, open the back doors and conduct destruction activities.

“We have discovered the malwares which operate only during the starting process and stop when computers began operating,” Khanh said.

Also according to Khanh, a lot of “smart” malwares have appeared which prove to be more dangerous than others. These include Flamer, Gauss or Duqu, developed by big organizations, and in many cases, backed by the nations. The systems have been mostly used to attack the national important systems of other nations.

Many Vietnamese organizations and agencies have discovered the malwares which can fool the currently popular software pieces.

However, there has been no statistics or report about the influences and damages caused by the malware to the agencies. It is because a lot of state agencies, though having been hacked, have not been cooperative enough with relevant agencies to find out the reasons.

According to Ngo Viet Khoi, Business Director of Trend Micro Vietnam, a survey by Trend Micro has found out that Enfal spyware alone has penetrated and stolen data from 800 systems in the world. This includes 394 systems in Vietnam.

Security experts say the spyware uses new malicious codes; therefore, it can fool the anti-virus software installed in users’ computers.

Moreover, the anti-virus software products copyright have not been extended, therefore, they have not become smart enough to fight against the spyware, thus creating more favorable conditions for the malware to break in.

Especially, the experts have warned that when accessing to the systems of the agencies and organizations with smart phones or tablets, this would create a hole for hackers to exploit and distribute malware.

General information security solutions not applied

Khoi of Trend Micro Vietnam said Vietnamese enterprises and institutions have spent more money on information security works. However, what they have done is just buying anti-virus software for personal computers, while they have not use comprehensive solutions which allow to keep a close watch over the health of the systems, find out the networks attacked by spyware and regularly check the systems to find out holes.

“The investments prove to be ineffective. They just make us feel secure, while in fact, they cannot fix the holes of the systems,” Khoi said.

Agreeing with Khoi, Vu Quoc Thanh, Secretary General of the Vietnam Information Security Association said the most popular security solutions applied by enterprises and agencies are anti-virus software (80 percent), firewall (60 percent). Meanwhile, only 10 percent of them use Security Event Management.

Buu Dien