VietNamNet Bridge – The hacking of the Vietnam Airlines website at the Ha Noi and HCM City airports has signaled Viet Nam’s possible vulnerability to malware attacks.

Viet Nam News spoke to senior director from a cyber security company, an official and a network security expert about the matter.  

Nguyen Hong Phuc, freelance network security expert

What is your opinion of the hacking incident?

The confidential data leaked by the group came from a successful breach of Vietnam Airlines’ client database. The hacker(s) were clearly professional and the attack process must have been going on for a long time, it didn’t just happen for a day or a night.

After this incident, it’s quite possible that similar attacks can be launched at other websites and networks in Viet Nam. It’s essential that network administrators and system operators check their entire systems and enhance security.

I think the government should be responsible for being properly prepared for such network attacks at the national level.

Is lack of financial resource for investment in network security the main reason for such security weakness in Viet Nam?

It’s only part of the problem. Other important factors worth mentioning are the viewpoint and policies by the Government on network security.

I feel like there’s negligence at the Government and State level and an urgent need for proper investment in a national network security and digital infrastructure.

The establishment of a rescue organisation that consists of qualified experts on network security would help deal quickly with incidents in network security. We can’t just rely on one or two companies like we’re currently doing.

What can customers do to protect their private information in the absence of such effective network security?

Customers can do very little to protect against an attack at the level of the one conducted against Vietnam Airlines. But users need to change their passwords frequently, avoid using the same passwords for different websites, and change their credit card information if possible.

Wias Issa, senior director for Asia Pacific at FireEye

In a report released last year, FireEye pointed out that APT30, a group of Chinese hackers, have been hacking websites in Viet Nam and other ASEAN countries over the last 10 years with the aim of stealing political, diplomatic, economic and military information. Can you tell us a bit more about this hacking act?

We uncovered the efforts of a cyber threat group that had been exploiting the networks of governments and businesses in Southeast Asia and India for a decade.

This group, which we call APT 30, targets organizations which hold key political, economic, and military information about the region.

To gain access to these networks, the attack group targeted government officials, diplomats, business people and journalists. They sent personalized spearphishing emails in local languages to compromise these targets.

This allows them to break into the networks of organizations of interest relatively easily. They can then gather intelligence which might provide them with a political or economic advantage.

We still find this group’s malware, despite publicly revealing their activity more than a year ago. APT30 is one of about 600 threat groups that we track.

Can we track down who are the hackers?

Attribution is very difficult when it comes to cyber attacks like these. All indications suggest the Chinese government sponsors the group, but we don’t know a great deal about the individuals behind the effort.  

Are the network security systems of Viet Nam so weak that the hacking activities have been going on for 10 years - and are still going on?

There is a lot of room for some organizations in Viet Nam to improve their defenses. If an organization is using legacy security technologies, like antivirus and firewalls, to protect itself, then it can fall victim to advanced attacks relatively easily. Attackers today can bypass these defenses.

What are your recommendations for stronger security, not only in the aviation sector but also others?

Unfortunately, these sorts of attacks are becoming increasingly routine. Attackers become more sophisticated all the time, and they can bypass traditional cyber security defenses relatively easily. Organisations need to be able to detect and respond to unique attacks which haven’t been seen before. There’s no silver bullet to win this battle. It’s an ongoing effort and it takes a combination of technology, threat intelligence and expertise.

Dinh Viet Son, deputy head of the Civil Aviation Authority of Viet Nam

What were the consequences of the attack on the Vietnam Airlines’s website? How has the system been recovered?

The attack affected more than 100 flights, dozens of which were delayed for up to one hour on July 29.

But the hackers were unable to break into the search and ticket-booking system so flight operations and security systems at the airports still worked normally.

By August 1, VNA’s IT system had completed testing procedures and resumed normal operation. VNA has worked in close collaboration with experts from the Ministry of Public Security and other partners to isolate, take control, recover and restart the attacked programmes, as well as to inspect and review other programmes to ensure the safety and security of the whole system.

What can we do to cope with possible similar attacks?

Vietnam Airlines will work together with the Ministry of Information and Communications, Ministry of Public Security and other partners to strengthen network security.

Besides, these concerned parties will work together to track down the source of the attacks in order to properly prepare for similar attacks.

We have established a steering board to instruct on the recovery of the VNA network security system. Besides, all relevant units are asked to check and enhance their security systems.

VNS