TRG Blog

Cybersecurity Threats Loom Large for Vietnam's Financial Sector

Written by Rick Yvanovich | Fri, Apr 19, 2024

Financial institutions around the globe are under constant attack from cybercriminals, and Vietnam's financial sector is no exception. These attacks are becoming increasingly sophisticated, evolving alongside the nation's rapid digital transformation.

This article will delve into the current cybersecurity landscape in Vietnam's financial sector, exploring the nature of the threats, recent attacks, government initiatives, and essential steps for both institutions and individuals to fortify their defenses.

Table of content:

1. A Chronicle of Recent Attacks: A Cause for Concern

2. The Evolving Threat Landscape: A Multifaceted Assault

3. Vietnam's Response: Bolstering Cyber Defenses

4. Building a Robust Defense: A Shared Responsibility

5. The Road Ahead: Constant Vigilance and Continuous Improvement

A Chronicle of Recent Attacks: A Cause for Concern

Several recent attacks on Vietnamese financial institutions serve as stark reminders of the ever-present threat:

  • March 2024: A previously unknown hacking group called Lotus Bane targeted a Vietnamese financial entity, showcasing the emergence of new threats.
  • March 2024: VNDirect Securities JSC, a major Vietnamese brokerage firm, was forced to shut down its systems for a week after a ransomware attack. This incident disrupted trading activities and caused customer inconvenience.
  • April 2024: Vietnam Oil Corporation (PVOIL) was hit by a ransomware attack, disrupting their electronic invoice system. This attack demonstrates the potential for cyberattacks to cause widespread disruption beyond just financial institutions.

These are just a few examples, and the true number of attacks is likely much higher, as many incidents go unreported.

The Evolving Threat Landscape: A Multifaceted Assault

Cyberattacks on financial institutions encompass a wide range of tactics, each designed to exploit vulnerabilities and achieve financial gain. Here's a closer look at some of the most common threats Vietnam's financial sector faces:

  • Malware: Malicious software like Trojans and ransomware remain a significant threat. Trojans like GoldPickaxe, discovered in 2023, target both Android and iPhone users, stealing login information and facial recognition data. Ransomware attacks, where cybercriminals encrypt data and demand a ransom for its release, are a major concern for businesses. A 2024 Kaspersky survey revealed that a staggering 67% of businesses in Southeast Asia, including Vietnam, have been victims of ransomware attacks.
  • Phishing Attacks: These social engineering scams attempt to trick individuals into revealing personal information or clicking on malicious links. Phishing emails often impersonate legitimate financial institutions, creating a false sense of security. With Vietnam experiencing a surge in online phishing scams, with over 95% targeting banks and financial institutions according to the Ministry of Information and Communications (MIC), vigilance is crucial.
  • Advanced Persistent Threats (APTs): These targeted attacks by sophisticated hacking groups pose a significant threat. A new group called Lotus Bane was discovered targeting a Vietnamese financial entity in March 2024, highlighting the evolving tactics of these cybercriminals.
  • Supply Chain Attacks: These attacks target third-party vendors and partners of financial institutions, exploiting weaknesses in their security to gain access to the financial institution's systems.
  • Zero-Day Attacks: These exploit previously unknown vulnerabilities in software, making them particularly dangerous as there are no security patches available.

The financial sector is a prime target for cyberattacks due to the vast amount of sensitive data it stores, including customer financial information, account details, and transaction history. A successful attack can result in significant financial losses, reputational damage, and a loss of customer trust.

Vietnam's Response: Bolstering Cyber Defenses

The Vietnamese government is aware of the growing threat posed by cyberattacks and is taking steps to address it. Here are some key initiatives:

  • The National Cyber Security Centre (NCSC): Established under the Ministry of Information and Communications (MIC), the NCSC plays a vital role in coordinating national cybersecurity efforts. They work to identify and mitigate cyber threats, block fraudulent websites, and raise awareness about cybersecurity best practices.
  • Personal Data Protection Decree (Decree 13): This decree outlines regulations for data privacy and security. While it mandates reporting data breaches within 72 hours, it lacks specific security measures, creating a gap that needs to be addressed.
  • Network Information Security Regulations: These regulations establish minimum security standards for information systems, including firewalls, access controls, and incident response procedures.
  • Sectoral Regulations: These tailor security requirements to specific industries, such as stricter protocols for online securities trading.

These initiatives represent a positive step towards strengthening Vietnam's cybersecurity posture. However, more needs to be done to effectively combat the evolving threat landscape.

Building a Robust Defense: A Shared Responsibility

In addition to the government’s responses, the responsibility for cybersecurity in Vietnam's financial sector rests on several shoulders:

Financial Institutions:

  • Investment in Security Measures: Financial institutions need to invest in robust cybersecurity measures, including:
  • Multi-layered security systems: This includes firewalls, intrusion detection and prevention systems (IDS/IPS), data encryption, and vulnerability management programs to identify and patch weaknesses in software.
  • Employee Training: Regularly train employees in cybersecurity best practices, including phishing awareness and how to identify and report suspicious activity.
  • Incident Response Planning: Develop a comprehensive incident response plan that outlines procedures for detecting, responding to, and recovering from cyberattacks.
  • Data Security Controls: Implement data security controls such as access controls, data encryption, and data loss prevention (DLP) to protect sensitive information.

Individuals:

  • Be Wary of Phishing Attempts: Don't click on suspicious links or open attachments from unknown senders. Verify the legitimacy of a sender before responding to emails or calls requesting personal information.
  • Strong Passwords: Use strong, unique passwords for all online accounts and enable two-factor authentication (2FA) whenever possible.
  • Software Updates: Keep your software, including operating systems and applications, updated with the latest security patches.
  • Download with Caution: Only download applications from trusted sources and avoid downloading from unknown websites.

Collaboration is Key

Financial institutions and individuals play a crucial role in safeguarding the financial sector, but collaboration is key. The government can facilitate this collaboration by:

  • Promoting Information Sharing: Encourage financial institutions to share information about cyber threats and best practices with each other and with the government. This can help to identify and mitigate emerging threats more effectively.
  • Public Awareness Campaigns: Launch public awareness campaigns to educate Vietnamese citizens about cybersecurity threats and best practices. This will empower individuals to protect themselves online.
  • Regulatory Framework Review: Regularly review and update the legal and regulatory framework for cybersecurity to ensure it remains effective in the face of evolving threats.
  • By working together, the government, financial institutions, and individuals can create a more secure financial ecosystem in Vietnam.

The Road Ahead: Constant Vigilance and Continuous Improvement

Cybersecurity is an ongoing battle, and there is no silver bullet. Vietnam's financial sector faces a constantly evolving threat landscape. However, by implementing robust security measures, fostering collaboration, and promoting cyber awareness, Vietnam can build a more resilient financial system capable of withstanding cyberattacks and ensuring a secure financial future for its citizens.

Additional Considerations:

  • The role of international cooperation: Cybercrime transcends borders. Vietnam can benefit from collaborating with international partners to share information about cyber threats and best practices.
  • The impact on financial inclusion: Cybersecurity concerns should not impede financial inclusion initiatives. Striking a balance between security and accessibility is crucial.
  • The rise of Fintech: The growing popularity of Fintech solutions in Vietnam introduces new security challenges. Regulations and security measures need to adapt to this evolving landscape.

In conclusion, Vietnam's financial sector faces a significant challenge in securing its systems against cyberattacks. By acknowledging the evolving threats, implementing robust security measures, fostering collaboration, and promoting cyber awareness, the sector can build a more secure financial future for its organisations and consumers.

For more content like this, please subscribe to our blog and have the latest technology and industry insights sent straight to your inbox.