What to do when attacked by Ransomware? (1)

Cyber world trending VSEC - BLOG

February 2024 is said to be a month of complete chaos in cyberspace when there are consecutive ransomware attacks. Economic losses from cyber attacks and data loss reach billions of dollars. Even large businesses that are supposed to invest in information security are confused

Ransomware is appearing every day, every hour

According to statistics, 2023 is the year of “explosion” of ransomware attacks: the total amount of money paid by victims exceeded 1 billion dollars, 10% of organizations were targeted by ransomware. It can be seen that ransomware attacks on businesses are still a common trend and Vietnam is no exception to that trend, besides attacks on common users are gradually leveling off.

In recent times, LockBit Ransomware – LockBit 3.0 has also become the most serious threat that businesses are facing. This threat marks a significant advance in the field of ransomware, characterized by its sophisticated tactics and comprehensive capabilities. LockBit 3.0 not only demonstrates a superior ability to adapt to evolving cybersecurity defenses, but also demonstrates a higher level of organization and coordination. LockBit accounted for 27.93% of all known ransomware attacks between July 2022 and June 2023. This number highlights the group’s exceptional performance and efficiency in carrying out attacks network, demonstrating a level of precision activity that sets this group apart in the field of malicious cyber activity.

What sets LockBit 3.0 apart from its counterparts is not merely its popularity but also its methodological evolution. The team continuously refines its tactics, incorporates cutting-edge technologies, and adapts to the ever-changing cybersecurity landscape. This agility has allowed LockBit 3.0 to outperform traditional defense mechanisms, posing a persistent challenge for organizations of all sizes. Therefore, this line of malicious code is being used by many attackers.

Who are the real victims of Ransomware?

Nạn nhân Ransomware là ai?

According to VSEC statistics, all economic sectors have been “visited” by Ransomware. In 2023, the healthcare field is ranked Top 1 in the world with the most data breaches and attacks, the average cost of a data breach in this field has increased by 53.3%. exceeding 3 million USD compared to the average cost of only 7.13 million USD in 2020. In the United States, this sector is considered an important industry, especially infrastructure systems. Since the Covid-19 pandemic, the industry has seen significantly higher average data breach costs.

In Vietnam, from the beginning of the year until now, the information systems of a series of financial units, banks, public administration, etc. have been attacked, causing disruption of operations and material damage to the units. enterprise. This has stalled the entire system, not only causing heavy economic losses but also greatly damaging the reputation of the business.

According to the 2024 Cyber Security Report of Vietnam Cyber Security Joint Stock Company (VSEC), up to 70% of SME organizations have been experiencing Ransomware attacks. This shows that not only large organizations and businesses are the destination of hacker groups, but small units and businesses are also “easy prey” for hackers.

The price to pay for a “click” is too expensive!

The average cost of ransomware attacks can be challenging because not all data breach reports come to light. Some companies and small businesses prefer to quietly make their payments and sweep ransomware incidents under the rug, rather than admitting their shortcomings to regulators and addressing security issues. their data confidentiality. Average cost of ransomware attacks based on their own data in their annual report.

Financial costs of ransomware attacks

When backups are available, the average costs are somewhat lower — but these costs still run into millions of dollars.

The average cost of recovery from a ransomware attack (excluding ransom) is $1.82 million. Meanwhile $2.6 million is the average ransom to recover lost data, although this can be reduced to $1.6 million by using backups

The time cost of ransomware attacks

Time is money. It will take significant recovery time to get back on track, especially for companies that have chosen to pay the ransom fee. Up to 45% of organizations with physical backups were able to restore within a week, but for paid organizations the figure was only 39%.

How to act when attacked by Ransomware?

Cyber security experts from VSEC share that when the system is attacked, businesses need to take the following simple actions to ensure minimal damage. Enterprises need to evaluate the status of the incident to come up with an appropriate plan with two simultaneous implementation directions:

Isolate and maintain the status quo to investigate in detail the cause of the incident. Some forms of handling include temporarily isolating network connections from the outside network area into the system to prevent risks of spread and impact. Switch to use the backup system (if available). Collect device logs for future investigation.

Next, do not arbitrarily restore the affected system without determining the safety level of the system. This is extremely important in preserving evidence to help experts investigate the root cause.

In the absence of expertise, business organizations should contact companies that specialize in handling cyber attack incidents to get appropriate recommendations. Deploying a network security incident response service will bring businesses specific benefits such as: Helping quickly prevent/remediate system information security incidents; Limit and minimize economic losses as well as disruptions in the operations of organizations; The information system is always guaranteed 24/7

About VSEC

VSEC is the leading security assessment unit in Vietnam with 20 years of experience implementing information security activities domestically and internationally. As a pioneer information security management service provider in Vietnam, it has achieved important CREST certifications for SOC (Information Security Monitoring and Operation Center) and Penetration Testing (Penetration Testing) services.

Source: Cafef

Investigate the cause of a cyber attack through log files

Security for Newbie VSEC - BLOG

This time, I received a request to analyze log files to find the cause of an attack on a company’s website using WordPress. Website was attacked by hackers and data was deleted.

Below is an image of “one corner” of the log file.

In this investigation, I used SublimeText 3 and Google :v Initially, I read through the entire log file several times to grasp the structure of the file’s content. In general, this log file is not long (about 4500 lines), so I can easily grasp it. After reading through it a few times, I noted a few requests that were “different” from the rest. In addition to requests from bots and requests to read website articles, I have listed a few signs (in my opinion, they are suspicious). However, after searching Google for a while, those signs don’t say much. I started thinking that if the website had its entire database deleted, there would be some action related to “admin”, Ctrl + F and start searching.

Oh, a pretty interesting line as shown below (maybe because I missed this detail when I read the log):

At this point, I continued to google about the above request and discovered that this was a malicious request targeting a vulnerability in a WordPress plugin called “ThemeGrill Demo Importer”. This vulnerability allows attackers to delete all tables in WordPress.

Request: “GET /wp-admin/admin-ajax.php?do_reset_wordpress=1 HTTP/1.1”

More information about the vulnerability: By sending a call to /wp-admin/admin-ajax.php?action=anything&do_reset_wordpress=1, the database will be wiped and we will be logged in as “admin” if the “admin” user exists in the users table. Authentication is not required.

From the above information along with the fact that all articles on the Website were deleted, it can be concluded: The cause of the attack was because the Website used a vulnerable version of the ThemeGrill Demo Importer plugin. Hackers take advantage of vulnerabilities in this plugin to send malicious requests to delete website posts. Below is information about the patch (version 1.6.2):

Additionally, the source IP address of the attack on this website (107.180.225.158) was also shared on the internet, which means hackers exploited this vulnerability on many WordPress websites using the ThemeGrill Demo Importer plugin ( mid-2020).

Solution:

Block the source IP addresses of the attack and update the ThemeGrill Demo Importer plugin to the latest version.

Author: Hoang Duc Hoan – VSEC

[Shodan] – Search engines serve security, or the evil eye?

Security for Newbie VSEC - BLOG

Shodan ( https://www.shodan.io/ ) is a search engine designed by web developer John Matherly ( http://twitter.com/achillean ). Shodan is a much different search engine than content search engines like Google, Yahoo, or Bing. Shodan is a search engine to find online devices on the internet such as: computers, servers, webcams, routers… It works by scanning all devices on the internet that have open public ports. go to the internet and analyze the signals returned from the devices. Using that information, Shodan can tell you things like which web servers (and versions) are most popular, or how many anonymous FTP servers exist in a particular location, or return a list The cameras are accessible online via the internet. In general, with shodan you can search for any device on the internet as long as they have an internet connection and open a public port.

Shodan is effectively used in security testing of IOT (Internet Of Thing) devices by quickly detecting devices that are online and devices with security vulnerabilities. Shodan operates 24/7 so its data is always updated as quickly and accurately as possible.

With Shodan, hackers with evil tendencies (Black hat) can search for targets to serve hacking (walking hack). By reading notifications about newly appearing vulnerabilities, the notifications will often include additional information about the vulnerable service versions. Hackers rely on that service information to find targets on Shodan and exploit them. Or, it can also be used to peek at cameras with weak or no passwords, etc.

For security experts, Shodan becomes an effective Information Gathering tool for Pen Testing Applications, Pentest Server,… and it is also a useful reference channel for statistics and risk assessment. Potential security risks, the risk of being attacked by a certain vulnerability in a certain area. For example: Statistics to see how many servers can be exploited through the HeartBleed vulnerability in Vietnam?

=> Shodan is completely legal and does not violate the law. In essence, shodan just collects data that is already available on the internet, and shodan simply reports what it finds. However, users may violate the law if they use information from Shodan indiscriminately and without control!

Author: Hoang Duc Hoan – VSEC

What is the difference between Penetration Testing and Vulnerability Assessment?

For pentester VSEC - BLOG

In the dictionary universe of security assessment forms, Penetration Testing and Vulnerability Assessment are considered to be the two familiar and typical techniques that are most used. Although the functions, methods and implementation techniques may be different, in terms of final results, both methods aim to evaluate the security strength of the system.

To make it easier for businesses to choose which form of security assessment is more suitable for them, we will list some basic differences as below.

The difference between Penetration Testing and Vulnerability Assessment (Source: VSEC)

What is Vulnerability Assessment (or ​​VA)?

True to its name, VA is a form of security assessment through which businesses can find the most possible vulnerabilities. With a VA, the organization will respond to cyber-attacks on the system by identifying, classifying and resolving security risks and guiding to minimize the risks in the best way.

Recommendation: The unit in charge of the VA may not have specialized personnel or the management system may not be equipped with many security tools, but it may have identified the goal of checking for vulnerabilities in the system for appropriate recommendations.

The basic form of VA that these units perform often focuses on security assessment on websites, applications, etc and the business’s information technology infrastructure.

 

Why Vulnerability Assessment is needed?

All information security experts recommend that businesses need VA as soon as possible because the core value system of the businesses needs to be ensured the maximum level of security before expanding or upgrading in line with the speed of business development. Here are four basic reasons:

Firstly, VA helps identify threats and weaknesses in IT system security early

Secondly, after VA, the IT department will need to take corrective actions to close vulnerabilities and protect sensitive information systems.

Thirdly, VA helps businesses implement and meet compliance requirements, and applicable cybersecurity regulations such as HIPAA and PCI DSS.

Fourthly, VA helps protect against data breaches and unauthorized access

 

Only if a business has a dedicated security or information management team, should it perform Penetration Testing?

Not entirely correct. The assessment and testing by security experts will be a form of assessment that goes quite deeply into the business’ IT system in order to detect potential weaknesses and assess the security level of the system. There are many models and methods of security assessment for businesses to choose to minimize the risk of breaking the system’s security structure such as Pentest As A Service, Network Pentest, Web Application Pentest, Mobile Application Pentest, API. Pentest, etc..

In most cases, businesses that need to test their team’s defenses will choose Penetration Testing or even Red Team to test the system’s capabilities and professional qualifications of the staff themselves.

However, whichever form may be selected, businesses need to set clear goals, principles and limits for the form of an attack to ensure risk management during the security assessment.

Cyber security & frequently asked questions

Security for Newbie

Cyber security is one of the important issues for units operating on digital platforms. In this article, VSEC will provide you with frequently asked questions when you are new to the field of Information Security.

1. Why do hackers hack?

– Cyber security is the activity of protecting computers, servers, mobile devices, electronic systems, networks, and data from malicious threats. It is also referred to as information security or electronic information security. This term can be applied in various contexts and can be divided into several common types, as below:
– Application security: focuses on keeping software and devices free from threats. An infiltrated application may provide unauthorized access to the data it is designed to protect. Security should be started buiding from the design phase, before a program or device is deployed.
– Information security: protects the integrity and privacy of data, both during storage and transmission.
– Operational security: includes processes, regulations about handling and protecting data assets. The rights that users have when accessing the network and the procedures that determine how and where data can be stored or shared belong to the scope of this protection.
– Incident Recovery and Business’s continuity: determine how an organization responds to a cybersecurity incident or any other event that causes operational or data loss. Incident repair policies dictate how an organization restores its operations and information to return to normal functioning prior to the incident. Business continuity is the plan that organizations rely on when attempting to operate without certain resources.
– End-user education: resolves the most unpredictable cyber security factor: people. Anyone can accidentally introduce virus into a secure system if they do not conform to good security measures. Instructing users to delete suspicious email attachments, do not plug in unidentified USB drives, and other important lessons are crucial for any organization’s security.

2. Who or which organization can be attacked?

The reality is that in today’s world, all organizations are at risk of cyber attacks. The digital revolution is driving innovation in business, but it also brings new threats that organizations must face to. Exciting new technologies like virtualization, AI, and Cloud, etc. help organizations enhance the integration and reduce costs, but they also come with risks and the potential for exploitation. The more avenues for exploration, the more organizations must confront a greater number of cyber attacks.

However, for many businesses, the concept of cyber security remains quite vague and complex. Although it may be part of a strategic program, what does it truly mean? And what can organizations do to strengthen their defense systems and protect themselves from cyber threats? A common misconception is that cyber attacks only happen to certain types of organizations, such as well-known technology companies or financial institutions. However, the truth is that every organization has valuable assets at stake.

The losses from cyber attacks are significant. Tangible costs include stolen money, damaged systems, legal expenses, and financial compensation for affected parties. However, what can be even more damaging are the intangible costs—such as loss of competitive advantage due to stolen intellectual property, loss of trust from customers or business partners, loss of integrity because of breached digital assets, and overall damage to the organization’s reputation and brand—all of which can have a profound impact and, in extreme cases, even lead to a company ceasing operations.

3. What is Ransomware?

Ransomware is malicious software that uses encryption to keep the victim’s information for various purposes, with the most common being ransom money. The critical data of users or organizations is encrypted, preventing them from accessing files, databases, or applications, and with conditions to request for the access right.
Ransomware is often designed to spread across networks and target databases and file servers, thus can quickly cripple an entire organization. Threats related to ransomware are more and more increasing , causing damages amounting to billions of dollars paid to cybercriminals by businesses and government organizations all over the world.

4. Black hat and White hat?
A hacker is an individual or organization that uses their skills to breach cyber security defenses. In the world of cyber security, hackers are often classified into different “hats.” This system may have originated from the old cowboy movie culture, where good characters typically wore white hats and bad characters wore black hats.
There are three main “hats” in the cyberspace:

– White Hat: White hat is like Marvel’s Captain America. They always stand up for protecting the truth, people and organizations in general by actively identifying and reporting vulnerabilities in systems before bad characters find them. They often work for organizations and take on roles such as cyber security engineers, penetration test engineers, security analysts, CISOs (Chief Information Security Officers), and other security positions.

– Grey Hat: DC’s Dark Knight and grey-hat hackers have a lot in common. Both aim to protect the trutht but employ unique methods to do so.
Grey-hat hackers are a balance between white-hat and black-hat hackers. Unlike white hats, they don’t ask permission to attack the systems, but also do not perform any illegal activities like black-hat hackers. Grey hats have a controversial history, and some even must go to prison for their actions.

– Black Hat: The Joker is the closest comparison to black-hat hackers. They engage in illegal activities for financial benefit, challenge, or simply for entertainment purposes. They seek out vulnerable systems, exploit them, and use them to gain any advantage possible.
They can use both technical and non-technical measures as long as they achieve their ultimate objectives.

5. Why do hackers hack?

Hackers are individuals or organizations who gain unauthorized access to different information technology systems with a specific objective, such as gaining prestige by shutting down computer systems, stealing money, or causing network disruption.The experience gained from these attacks and the satisfaction derived from successful attacks can become an addiction. Some common reasons for launching attacks include reputation, curiosity, revenge, boredom, challenge, theft for financial gain, sabotage, corporate espionage, extortion, etc. Hackers are known to frequently cite these reasons to explain their actions.Furthermore, a very common scenario is when hackers steal data to assume identities and then use that data for other purposes, such as borrowing money, transferring money, ect. The occurrence of such incidents has increased with the popularity of mobile banking and internet banking services.

6. How to secure your private data?

Below are some tips to ensure your personal information does not fall into the hands of wrongdoers.

a. Create strong passwords

When creating passwords, think beyond easily guessable words or numbers that cybercriminals might easily figure out, such as your date of birth. Choose a combination of lowercase and uppercase letters, numbers, and symbols and change them regularly. You should also use a unique password instead of using the same one across multiple websites. If you are worried about remembering too many passwords, a password manager tool can help you keep track.

b. Avoid oversharing on social media

We all have a friend who post too many details about his life online. This not only causes annoyance but can also put your personal information at risk. Check your privacy settings to know who is viewing your posts and be cautious when sharing your location, hometown, date of birth, or other personal information.

c. Be cautious with free Wi-Fi

Most public Wi-Fi networks are not well-secured, which means others using the same network can easily access your activities.

d. Beware of links and attachments

Cybercriminals operate stealthily and often design their deceptive schemes to make them look like legitimate communications from banks, utility companies, or other businesses. Pay attention to errors such as spelling mistakes, unusual numbers or characters, wrong brand names, different email addresses from the usual senders, as these could be indicators of a trap.

e. Check if a website is secure

Before entering personal information on a website, check your browser’s address bar. If there is a padlock icon and the URL begins with “https,” it means the website is secure. There are other ways to determine if a website is trustworthy, such as checking their privacy policy, contact information, or “verified security” seal.

f. Consider additional protection

Installing antivirus software, anti-spyware software, and a firewall may not be foolproof methods, but they are essential for self-defense against low-level threats in the “flat world” era.

Above are some frequently asked questions when new to the concept of Information Security/Cybersecurity. If there are any questions not listed above, please follow the information here to be answered,

15 critical security flaws in the well-known US healthcare website were found by VSEC.

Case study VSEC - BLOG

Errors were discovered while applying VSEC’s Pentest service to a well-known American healthcare website, resulting in the discovery of 4 critical vulnerabilities, 3 serious breaches, and 8 possible flaws. Experts from VSEC quickly addressed all of these issues in the following two weeks, allowing businesses to move forward without worry…. Last June, VSEC received a contact from the city of Washington, USA. A company has requested that we investigate the safety of their website (their primary point of contact with customers) to ensure the complete safety of all data and assess any potential threats. VSEC promptly began developing the client’s system after evaluating their website!

About customers

Our clients are professionals in the medical industry who deliver cutting-edge, practical, and patient-centered healthcare solutions. Customers have demonstrated, from a new angle, that the health care industry must consider not just external health issues and hazardous substances, but also internal elements and potentials. It has left a lasting impression on many people and has contributed to the rapid expansion of our clients’ businesses. The customer’s annual sales have surpassed $17 million, and they have earned numerous honors for their success, including being named one of Inc. magazine’s Top 500 Outstanding Development Enterprises in 2016 and one of Seattle Business Magazine’s Top 100 Best Businesses to Work for in 2014–2016. 

Challenge

After ten years in business, clients have amassed a vast quantity of data on their servers. When a company relies heavily on technological resources, it is its most valuable asset. The publicly available website serves as the main entry point to the data warehouse. The security measures taken by the customer to protect their website are the determining factor in whether or not their data will remain secure. Clients need to do research on the organization, on the needs and goals of many people, and on the specific area of health care they need help with in order to come up with each plan, program, and suitable health care. While this is great for customers, it also means that cybercriminals will have more opportunities to steal sensitive information. In order to prevent the misuse of the customer’s resources and the revelation of sensitive information, it is imperative that the website’s security be verified. The customer is a small to medium-sized business, thus it has few available employees and no IT security experts. Client saw the value of VSEC’s Pentest Penetration testing service and contacted the company after searching for it online. Many strict regulations, such as BASEL, PCI/DSS (Payment Card Industry Data Security Standard), and others, have been enacted by the host country’s state-owned bank to protect information security. Each member of the technical team carries numerous tasks. Information security evaluation and testing is typically outside of their capabilities because of the sheer diversity and volume involved. Banks need to ensure they are in compliance with the ever-changing set of regulations that govern their industry. 

Solution

Access to the primary website account login page, the user management center login page, and the support partner website login page are all validated by VSEC. In order to evaluate the security of its customers’ systems from the outside without having any prior knowledge of the system, VSEC employs the Black Box method in Pentest through these three portals. Specifically, VSEC professionals take on the role of attackers, mimicking actual attack methods in an effort to locate vulnerabilities in websites. After two weeks of testing, specialists identified fifteen separate flaws. After the service is complete, VSEC generates a report and hands off implementation to the client, along with suggestions for corrective measures and preventative measures.

Benefits of the service

Pentest is known to have a lot of benefits. One of them is rapid rollout with little information collected from end users. It also helps reduce the overall cost of security and the time needed to patch security vulnerabilities in data systems. Customers have been motivated to learn more about VSEC and its services by these factors. And after experiencing its benefits firsthand, customers are ecstatic, praising Pentest for its ability to cut down on investment costs in the system, protect against most vulnerabilities, and lessen the severity of any damage that does occur, plus create a more streamlined workflow.

Conducting a penetration test on the system of a TOP 1000 world bank

Case study VSEC - BLOG

Our clients are those who operate in the banking sector. In line with the trend, they are actively developing online software utilities to provide more convenient services for current clients as well as expand their new client network. These utilities is often accompanied by security risks. VSEC’s VCHECK penetration testing service visually demonstrates the significant risks of an online banking application. They may arise from the potential for a valid user to proactively access the full bank account information of other clients.

About clients

Our client is a joint-stock commercial bank in the Top 1000 largest banks in the world, with total assets of nearly USD 6 billion and more than one million regular active accounts. After nearly 25 years of operation, this bank has been frequently awarded prizes such as EuroMoney, Asian Banker, The Banker, and so on from prestigious international organizations.

Challenge

To enhance transaction convenience, the bank has developed a Mobile Banking application on mobile phones. Through this software, clients can query and conduct basic transactions similar to when they do so at a teller counter. At the time of assessment, over 1.06 million bank accounts have been activated and regularly used. The service development has posed challenges regarding information security assurance. Bank account numbers are considered non-confidential information. When conducting online transactions, many users provide them on websites for transferring money to buy and sell goods and services However, certain account-related financial details must always be protected at the highest level: account balance, transaction information, etc. Securing this information is the responsibility of the bank which provides the technological infrastructure. In the home country, the state bank has also issued many strict regulations that bind banks to comply with and ensure information security, such as BASEL, PCI/DSS, and so on. Due to handling multiple tasks with a heavy workload, technical personnel often lack the necessary resources, time, and skills to carry out information security assessments and testing. As regulations become increasingly specific, banks are required to ensure proper compliance and consistently maintain control checks.

Solution

One of the biggest concerns of banks is whether the Mobile Banking application that is provided to clients is safe or not, and how well user data is protected. As a result, the bank needs to use an information security penetration testing service to obtain objective and multidimensional information. VCHECK is VSEC’s overall information security service, which includes penetration testing. The service is capable of imitating the most realistic way that external attackers take advantage of the vulnerability to illegally collect Client’s data. To begin the penetration testing process, the Bank provides VSEC the name of the Mobile Banking application on the Google Play (Android version) or Apple Appstore (iOS version). VSEC technicians will act as attackers and imitate real-life techniques in order to identify software vulnerabilities. Skilled engineers combined with various specialized tools will learn how the Mobile Banking application works and how the server interacts with the application to detect weaknesses, reconstruct security errors and finally report. After 10 days, a VSEC engineer establishes a bank account as a customer of the bank. With the key technique of using a proxy, it assists the engineer in fully comprehending how the application works and how it interacts with the Bank’s server. The application includes many different components, VSEC engineer noticed a serious issue while allowing him to view the details of any other account. This serious security error occurred because computer programmers did not closely apply to user account management and safe programming standards. VSEC have transferred the entire implementation process to the Client. Simultaneously, VSEC recommended to remedy it by modifying the application and providing the ability to verify whether the query submitted to the server is valid, and the correct information of the client is using or not.

Benefits of VCHECK security testing service

Deployment is quick and Clients do not need to provide much information.

Penetration testing project for government agencies

Case study VSEC - BLOG

This time, our customer is the state management agency in charge of information security, responsible for establishing regulations and policies of information security. This is also the unit in charge of assisting government agencies and businesses with information security. 

Although it is a State agency, the team of information security specialists is relatively small, It is challenging to meet the demands of completing multiple tasks at once.

Furthermore, the unit lacks objective evaluation from external partners to exclude cases of omission due to subjective factors from internal employees.

In our experience, we have provided evaluation and penetration testing services for your system and applications. From there, we can determine the best suggestions and solutions for the unit. VSEC collaborates with the unit to deploy solutions of reducing information security risks such as Pentest testing of the entire system, application, etc.

Following the working procedure, we have quickly identified a large number of risks and vulnerabilities on the unit’s system and applications. This reduces the risk of being attacked and exploited in the unit’s system and application, and thereby contribute to ensuring the image of the State management agency on information security and social security.

Monitoring information security for the state’s provincial unit information management agency

Case study VSEC - BLOG

The client is an agency in charge of managing the website system representing the voice of the state, informing and orienting information across the entire province. They own a system of more than 150 websites that operate continuously 24/7.

The number of websites requiring monitoring is substantial. The business operations are diverse. The connectivity system is extensive. There is a high volume of access traffic. The displayed information must ensure absolute accuracy and integrity.

Provide 24/7 security monitoring services for critical website systems, install 24/7 downtime monitoring for the entire website, periodically review vulnerabilities, offer recommendations, and collaborate on remediation efforts. Coordinate with on-site personnel to address identified vulnerabilities.

The client enhances their capability to manage and monitor information security for critical website systems. This reduces personnel costs and investment for the IT security team while whole system is still guaranteed to be monitored 24/7. It also decreases response time to incidents.

Information security monitoring for a pioneering corporation in green cities

Case study VSEC - BLOG

The customer is an FDI enterprise, a branch of a multinational corporation in the field of motorcycles and automobile assembling and manufacturing, whose market share is among the top motorcycles and automobile business enterprises in the Vietnam market.

Subject to the general regulations on information security of the parent group. Using monitoring services for external threats (data leak, web phishing, etc.), monitering the reputation of international providers at a great cost. Building a team in charge of local information security leads to the need for great support from partners.

Providing monitoring services for external threats (data leak, web phishing, etc.), and reputation monitoring. Coordinating and discussing with customers to continuously optimize the monitoring process.

VSEC SOC detects and promptly informs customers about fake websites and leaked data of customers published and sold on the dark web and dark forums. Provide services with reasonable cost and international-suppliers-level quality. Support the local team in the process of ensuring information security for businesses.

Webinar: Hack hackers with “multi-dimensional” defense tactics

Event VSEC - BLOG

On July 11, 2023, the webinar “Hack hackers with “multi-dimensional” defense tactics organized by The Vietnamese Security Network (VSEC) in collaboration with Vietnam Internet Association (VIA), took place successfully and leaving many good impressions in the IT community and small and medium enterprises in Vietnam. With useful sharing from experienced speakers in the industry, the webinar attracted the attention of more than 150 attendees.

The security story is not only for large businesses anymore, but regardless of the object, any business of any scale, whether it generates or owns large sources of data or liquidity, is the target of the company. cybercriminals for profit.

Monitoring information security in the enterprise
SOC is one of the security trends in the past 5 years. Large enterprises have equipped themselves, only a few small and medium enterprises pay attention to this issue. In his presentation, Mr. Vu The Hai – Head of VSEC Information Security Monitoring and Operation Center affirmed: “Information security solutions cannot prevent 100% of incidents. No solution provider commits that their solution can prevent all attack incidents.” Therefore, when system solutions, solutions, technologies and machines cannot be solved, we need to have a plan to detect and handle such attacks and incidents – that is by human means. People. At VSEC, SOC always ensures compliance with British CREST standards and other standards such as Azure.

Time to start SOC
Enterprises need to build SOC as soon as possible, should build immediately after having equipped with basic security solutions. At this time, the number of personnel, the amount of information and the processes just needs to be simple and moderate to suit the working environment.
It is not necessary to have a centralized SIEM system, a system to collect and analyze logs, you can directly use the portal of those solutions.

What do I need to prepare to work at SOC?
Webinar is not only for small and medium enterprises but also attracts a lot of students interested in working at SOC. To be able to work at the Information Security Monitoring Center, students need to master the basic knowledge: programming skills, system skills, application management and usage skills… Then , strengthen more specialized skills in SOC such as malware, web, common attacks, writing rules to detect malicious code….

 

Realistically react to Hackers using the Red Team method
The concept of Red Team (Deep Penetration Assessment) is very familiar in the international market. However, in Vietnam today, this concept is still not well understood and deeply understood, making businesses still hesitant to use Red Team.

With experience in participating in Red Team assessment for many domestic and foreign organizations for financial and banking units, etc., Mr. Be Khanh Duy – Head of VSEC’s Southern Regional Expert Service team said in the era Regarding the current development of network security, Red Team has become a trend in Vietnam, bringing many benefits to organizations and businesses. Before deploying Red Team, businesses need to plan and prepare thoroughly to ensure the process is efficient and brings the desired results. Here are some key steps businesses should take before implementing Red Team:

Identify goals: Clearly outline the Red Team’s goals and objectives. Identify specifically which part of your organization’s security infrastructure, processes, or people you want to evaluate and improve. Besides, it is also necessary to set the Red Team’s attack target, for example: Internet Banking system, Customer information,…
Scope and Rules of Engagement: Clearly define the Red Team’s scope, including the systems, networks, and applications that are in scope and those that are out limitations eg: Core-Banking system, no leadership Phishing,… Establish rules of engagement to ensure Red Team operates within legal and ethical boundaries.
Get Stakeholder Consent: Ensure approval and support from key stakeholders, including upper management, IT team, legal department, and any other stakeholders. They should be aware of the goals, benefits, and potential risks associated with Red Team exercises.

“Currently the cyber environment is no longer safe. For organizations that always put information technology security first, it is even more important to protect their company’s data assets. Therefore, using Red Team can increase the responsiveness of the organization and improve the defensive knowledge of your Blue Team team.” Mr. Be Khanh Duy affirmed.

Digital social management and implementing instruction for Decree 53

Cyber world trending VSEC - BLOG

Digital Society Management and Decree 53, which guide the implementation of a number of Cybersecurity Law articles

Decree 53/2022/ND-CP guiding the implementation of a number of articles of the Law on Cybersecurity will take effect on October 1. With the technology development, especially the connection technology infrastructure in the globalized world, these are the necessary regulations that VSEC experts will share the following from the perspective of the supplier: provide network security services.

Interview with Mr. Truong Duc Luong – Chairman of VSEC

Question: We have recently received contact from a number of foreign newspapers  and members of the community who are keenly interested in Article 26 regarding regulations for foreign enterprises providing cross-border services. As a network security expert, could you provide your perspective on this matter?

Mr. Truong Duc Luong: Within the framework of the law, I think it is necessary to have regulations like this. With the development of technology, especially technology infrastructure, it has made connecting easier than ever. Technological applications have also created a parallel society to the real society in which we live every day. We can call it a digital society. Digital society has many common features of real society and also has many unique features. The most basic feature is borderless, identity. Digital society, besides the positives, also comes with many negatives like the real society, and the development of the digital society also needs to be accompanied by management measures to help the population to be less affected by negative impacts such as intimidation, fraud, fake information, etc. 

VSEC – The first MSSP service provider in Vietnam to achieve CREST international certification for Pentest and SOC services 

Many technological tools, like the Internet and social media platforms, etc., originate from the West and bring with them Western philosophies and cultures. Digital society can therefore be said to be built mostly from the West. And in the development process, the conflict between the real society and the digital society is understandable when the borderless nature is different from the borderless nature of the real society. These contrasts are evident in areas like perceptions of freedom, business practices, and tax views. 

Mr. Truong Duc Luong – Chairman of VSEC. 

This brings us to the content of Article 26 of the Decree, which defines the types of enterprises/businesses that will be governed by the law. These are companies in the fields of communication (social networks), finance (payment gateways), and commerce (markets, electronic floors). Managing real society and digital society, in my opinion, real society must be prioritized because incidents in digital society can cause significant damage in real society. Numerous examples in the media have demonstrated this. A digital society can emerge from anywhere in the world due to its borderless nature. Therefore, the management of the digital society will be difficult to achieve effectively without a real way of linking between the manager and the unit that creates the digital society. 

Currently, article 26 is carrying out methods including: Storing identity data in Vietnam and Setting up offices/branches in Vietnam. In the future, there may be other methods. However, for now, I think these two tools are enough to start. In my opinion, there are some following reasons. Firstly, electronic transactions and the inherent nature of identity technology are often weak. As a result, detailed requirements for the information to be stored will make it feasible to enforce management when issue occur. Secondly, the law was introduced in 2018, and now after 4 years, businesses in Vietnam have had a certain growth to meet the technical requirements of modern storage. Thirdly, legitimacy is important in management. Additionally, when there are people who have the authorities to work and be present in Vietnam, it has created more efficiency in coordination, management information or handling issues. Therefore, having offices or branches of “virtual society” companies in Vietnam has had great effects on managers. 

The proposed law will often take time to put into practice and adjust accordingly. I hope the law will be a good tool for the virtual society to become healthier and more positive, bringing good value to the real society

Thank you Mr. Truong Duc Luong,

 

Learn more about Decree 53/2022/ND-CP here

Source: VSEC