The hacking of the Vietnam Airlines website at the Hà Nội and HCM City airports has signaled Việt Nam’s possible vulnerability to malware attacks.

Việt Nam News spoke to senior director from a cyber security company, an official and a network security expert about the matter.  

Nguyễn Hồng Phúc

Nguyễn Hồng Phúc, freelance network security expert

What is your opinion of the hacking incident?

The confidential data leaked by the group came from a successful breach of Vietnam Airlines’ client database. The hacker(s) were clearly professional and the attack process must have been going on for a long time, it didn’t just happen for a day or a night

After this incident, it’s quite possible that similar attacks can be lauched at other websites and networks in Việt Nam. It’s essential that network administrators and system operators check their entire systems and enhance security.

I think the government should be responsible for being properly prepared for such network attacks at the national level.

Is lack of financial resource for investment in network security the main reason for such security weakness in Việt Nam?

It’s only part of the problem. Other important factors worth mentioning are the viewpoint and policies by the Government on network security.

I feel like there’s negligence at the Governmentl and State level and an urgent need for proper investment in a national network security and digital infrastructure.

The establishment of a rescue organisation that consists of qualified experts on network security would help deal quickly with incidents in network security. We can’t just rely on one or two companies like we’re currently doing.

What can customers do to protect their private information in the absence of such effective network security?

Customers can do very little to protect against an attack at the level of the one conducted against Vietnam Airlines. But users need to change their passwords frequently, avoid using the same passwords for different websites, and change their credit card information if possible.

Wias Issa

Wias Issa, senior director for Asia Pacific at FireEye

In a report released last year, FireEye pointed out that APT30, a group of Chinese hackers, have been hacking websites in Việt Nam and other ASEAN countries over the last 10 years with the aim of stealing political, diplomatic, economic and military information.

Can you tell us a bit more about this hacking act?

We uncovered the efforts of a cyber threat group that had been exploiting the networks of governments and businesses in Southeast Asia and India for a decade. 

This group, which we call APT 30, targets organizations which hold key political, economic, and military information about the region. 

To gain access to these networks, the attack group targeted government officials, diplomats, business people and journalists. They sent personalized spearphishing emails in local languages to compromise these targets. 

This allows them to break into the networks of organizations of interest relatively easily. They can then gather intelligence which might provide them with a political or economic advantage. 

We still find this group’s malware, despite publicly revealing their activity more than a year ago. APT30 is one of about 600 threat groups that we track. 

Can we track down who are the hackers?

Attribution is very difficult when it comes to cyber attacks like these. All indications suggest the Chinese government sponsors the group, but we don’t know a great deal about the individuals behind the effort.  

Are the network security systems of Việt Nam so weak that the hacking activities have been going on for 10 years - and are still going on?

There is a lot of room for some organizations in Việt Nam to improve their defenses. If an organization is using legacy security technologies, like antivirus and firewalls, to protect itself, then it can fall victim to advanced attacks relatively easily. Attackers today can bypass these defenses.

What are your recommendations for stronger security, not only in the aviation sector but also others?

Unfortunately, these sorts of attacks are becoming increasingly routine. Attackers become more sophisticated all the time, and they can bypass traditional cyber security defenses relatively easily. Organisations need to be able to detect and respond to unique attacks which haven’t been seen before. There’s no silver bullet to win this battle. It’s an ongoing effort and it takes a combination of technology, threat intelligence and expertise.

Đinh Việt Sơn

Đinh Việt Sơn, deputy head of the Civil Aviation Authority of Việt Nam

What were the consequences of the attack on the Vietnam Airlines’s website? How has the system been recovered?

The attack affected more than 100 flights, dozens of which were delayed for up to one hour on July 29.

But the hackers were unable to break into the search and ticket-booking system so flight operations and security systems at the airports still worked normally.

By August 1, VNA’s IT system had completed testing procedures and resumed normal operation. VNA has worked in close collaboration with experts from the Ministry of Public Security and other partners to isolate, take control, recover and restart the attacked programmes, as well as to inspect and review other programmes to ensure the safety and security of the whole system.

What can we do to cope with possible similar attacks?

Vietnam Airlines will work together with the Ministry of Information and Communications, Ministry of Public Security and other partners to strengthen network security.

Besides, these concerned parties will work together to track down the source of the attacks in order to properly prepare for similar attacks.

We have established a steering board to instruct on the recovery of the VNA network security system. Besides, all relevant units are asked to check and enhance their security systems.

A representative from NukeViet Forum administration board

In general, network security in Việt Nam has not been effective enough. Private information protection has not been properly managed by enterprises and even by customers themselves. Most enterprises do not have a dependent network security team, while network security services have been used by only a few customers.

It’s not because we lack talented people in this field – we do have many of them, but their talents have not been effectively utilised. Some firms think they don’t have anything to lose, while others have difficulties with financial resources. On the other hand, some enterprises think network security means buying and using some kind of anti-virus software or closed-source commercial software, or leaving the entire network security task to a sole service provider. It’s a mistake.

In order to have better network security, I think it’s essential that enterprises and organisations in Việt Nam change their mindset. Once you have properly thought about this, you’ll have ways to deal with risks, whether you have a huge budget or a limited amount of funding.

It’ll be easier for firms because they have to change to be able to avoid losses. For big firms, they can hire professional network security teams. For those with limited resources, they can develop network security systems themselves based on an open source software system.

Governmental bodies are the ones with higher risks. They don’t have a flexible budget mechanism, while the mindset on network security has not quite evolved.

Basically, to have effective network security systems, we have to start with national policies on the education and training of information technology. A few training courses on network security, like we’ve been doing, can’t help address the matter at its core. Our only way is to be able to use open source software, then be able to develop this open source software, which is an invaluable source of knowledge granted to countries like Việt Nam so that we are not left behind. — VNS