Through early botnet detection systems, the Authority of Information Security (AIS) under the Ministry of Information and Communications (MIC) identified 18 government systems connected to botnet infrastructure (malicious computer networks) in September 2024.

321 government systems connected to botnet infrastructure in nine months

A botnet is a network of compromised devices under the control of attackers, often used to carry out cyberattacks. Devices in a botnet can be used to automate mass attacks such as spreading malware, causing server disruptions, and stealing data.

As of September 2024, the AIS's technical system detected 468,796 IP addresses in Vietnam connected to botnet networks, including 18 belonging to government entities.

These figures were recorded and reported to relevant agencies and organizations, particularly government bodies, for timely action. The AIS's monitoring system aims to detect internal threats early, especially from servers and workstations infected with malware that could become part of a botnet. Additionally, it shares information on cyber threats with international organizations and maintains continuous monitoring of botnet activities.

Cumulatively, from the beginning of the year through September, the National Cyber Security Monitoring Center (NCSC), directly under the AIS, identified 321 government systems connected to botnet infrastructure. The center also supported these entities in taking corrective measures.

75% reduction in IP addresses connected to botnet networks

In addition to targeted attacks (APT), the risk of devices, servers, and workstations being infected with malware and conscripted into botnet networks poses a significant threat to the safety of Vietnam's information systems and national cybersecurity.

To mitigate this, the MIC has implemented numerous measures to reduce malware infections and the number of Vietnamese IP addresses involved in botnet networks.

For instance, at the end of 2019, among approximately 16 million IP addresses in Vietnam, the NCSC found that 2 million were regularly part of large botnet networks.

The MIC has taken various steps, such as blocking access to websites containing malware from cracked software, issuing weekly warnings with instructions on how to handle infected devices, providing online malware scanning tools through khonggianmang.vn, and organizing annual nationwide malware scanning and removal campaigns.

One standout approach has been addressing the root cause of infections. In addition to encouraging agencies, organizations, businesses, and citizens to scan and remove malware from their devices, the nationwide malware cleanup campaign, led by the AIS, has tracked and blocked access to websites distributing malware and halted connections to 915 botnet command servers in Vietnam.

As a result, the malware infection rate, and the number of Vietnamese IP addresses in botnet networks have consistently decreased in recent years.

In September 2024, the number of IP addresses in Vietnam connected to botnet networks was 468,796, a reduction of over 75% compared to the end of 2019.

To maintain these gains, the AIS plans to continue implementing malware cleanup campaigns while raising public awareness and monitoring for malicious connections. The agency is committed to preventing malware attacks that threaten the security of both government institutions and individual users.

Van Anh