Along with the trend of global digital transformation, the number of cyber attacks is also increasing year by year, with increasing severity and sophistication.

Let’s take a look at some of the largest recorded cyberattacks in the world with VSEC: 

1. Hackers infiltrated the data of the famous software company Adobe (2013)

Adobe announced in October 2013 that hackers had stolen data from the internet, including up to 2.9 million accounts’ personal information (usernames, passwords, real names, credit card numbers, and expiration dates). Soon after, internet hackers reported that this database had up to 150 million accounts (38 million of which are still active).

2. Sony’s expensive lesson in ignoring hackers’ warnings.

• In April 2011, hackers targeted Sony PlayStation Network (PSN), causing Sony’s Multiplayer gaming service, online game purchases, and other content to be leaked. The personal information of 77 million global gamers was involved in the incident, and hackers acquired access to their banking accounts.
• Sony was forced to pay $15 million in compensation to individuals harmed in order to pacify users. This corporation, on the other hand, detested hackers at the time when it rejected the warning for exposing the database vulnerability. The data is entirely unprotected and vulnerable to SQL Injection attacks.

Sony Pictures Entertainment, a Sony subsidiary, was attacked in November 2014 by a virus called “Guardians of Peace,” and the damage was significantly worse than before, surpassing 100 terabytes (1TB = roughly 1000 GB) with stolen confidential data. This time, hackers utilized the internet to steal movie scripts, emails, and personal information from 47,000 employees, forcing many to resign as a result of the loss.

3. A nightmare for the Korean banking system in 2014.

The key lesson learned by the Korean government after the cyber attack in January 2014 when hackers stole up to 100 million credit card numbers. 20 million more bank accounts were also compromised. The number of clients in these banks decreased by 2 million due to their concern that their personal information would be revealed, therefore they went to the bank to deactivate the card or switch to a safer bank.

4. The American credit company, Equifax, was on the verge of bankruptcy (2017)

Equifax, the credit reporting agency in the United States, acknowledged in a report that it has been dealing with a problem for months as a result of an internet attack. In July of 2017, they discovered the attack, which exposed the sensitive personal information of 143 million users in the United States, Canada, and the United Kingdom, as well as roughly 200,000 credit card numbers. 

Almost no solutions could assist the organization in recovering the information that was leaked as a result of the 2017 cyber attack. This incident was discovered as a result of an Apache Struts vulnerability that hackers completely exploited. The consequences were so severe that the company’s top shareholders and management were obliged to sell their stock quickly in order to avoid the crisis.

5. Online dating app Tinder was also a victim (2015)

This online dating app was hacked over the internet in 2015 with the intention of collecting all of its customers’ information. The genuine name, date of birth, postal code, IP address, and even sexual preferences of 4 million users have been made public on a forum accessible via the Tor browser.

But Tinder has not yet come to its senses; in 2016, it experienced greater losses, and the effects were 100 times worse this time. 400 million accounts have had sensitive information stolen, and 20 years of data from the massive dating service is now publicly available online. The Local File Inclusion approach (an attack technique for transferring a local file straight to the hacker’s internet resource repository) was utilized by the hackers.

6. Hotel Marriott customers’ information was exposed

This internet attack was carried out by hackers who targeted a database of up to 500 million Starwood hotel guests (including bank accounts) owned by Marriott. The security flaw has existed since 2014, however, the vulnerability just became apparent in September 2018. Marriott was only involved in the largest security litigation ever once.

The number of online attacks continues to climb year after year, necessitating the development of a well-defended, comprehensive network security system for information security. VSEC, Vietnam Network Security Joint Stock Company, provides the most cost-effective security solutions for organizations in information security evaluation, monitoring, warning, and troubleshooting.

Today, WordPress is one of the most popular website-building tools all over the world, and it is no exception in Vietnam. Data thieves will naturally direct their attention here. Consequently, its plugin – Elementor Pro – has been exploited by malicious cybercriminals who are taking advantage of a security flaw that was just patched with the intention of stealing sensitive information.

This flaw, identified as a flawed access control situation, is present in 3.11.6 and earlier releases. In the plugin’s latest version, 3.11.7, released on March 22nd, the issue was fixed. 

The Tel Aviv-based firm claimed in its release notes, “Improve code security enforcement in WooCommerce components. It is estimated that over 12 million websites use the premium plugin. An authenticated attacker can completely take over a WordPress site with WooCommerce functionality if they are able to exploit this highly critical vulnerability.”

“A malicious user only needs to turn on the sign-up page (if it’s off) and change the default user role to admin and they can instantly create an account with administrative privileges. With this authority, they can “redirect the site to another malware domain, upload an unauthorized plugin, or backdoor, and further exploit the site” Patchstack claimed in a warning released on March 30th, 2023.

Patchstack also reports that the flaw is being exploited from many IP addresses in an attempt to upload arbitrary PHP and ZIP packages. Users of the Elementor Pro plugin should upgrade to version 3.11.7 or the most recent version, 3.12.0, as soon as possible to protect themselves from security breaches.

According to the National Cyber Power Index 2022* study, Vietnam has made a stunning leap from 20th rank (in 2020) to 8th place (in 2022) on the list of countries with the highest information security capabilities in the world.

The World’s Top 10 Most Secure Countries for Cyber Security in 2022

Notably, Vietnam jumped from 16th to 3rd place on the intent index (which measures the level of interest and investment in Cybersecurity). This is a positive signal in raising the awareness and capacity to ensure information security of the government as well as the community in the country.

Mr. Phillip Hung Cao, Technology Solution Architect, Zero Trust Strategist, shared his thoughts on the report, saying, “Vietnam is in the 8th position in the NCPI 2022 report, showing that we are on the right track in actively creating diverse information safe playgrounds and communities for all ages and all growing together. We need to keep and cultivate an optimistic outlook for the future.”

*In 2020, the Belfer Center at HARVARD Kennedy School published its first National Cyber Power Index (NCPI) study. Mr. Eric Rosenback, Co-Director of the Belfer Center, shared the project’s vision to become a preeminent and rigorous research institution that provides solutions to the challenges faced by national leaders as a result of cyber attacks and conflicts. Organizational leaders can use the information gleaned from these studies to better prepare their armed forces to win a cyber conflict, mitigate the effects of attacks by using legal and regulatory mechanisms, etc. 

Currently, eight indicators—financial, surveillance, intelligence, commerce, defense, information control, destructive, and normative—are used to compile the report. Limitations in the report’s ability to measure such delicate aspects as troop strength, intelligence capacity, etc. were also noted. Vietnam jumped from 20th to 8th on the rank as a result of improvements in many categories, including defense, trade, destruction, and norms. 

Download the report here

According to National Cyber Power Index 2022

Building a team of high-caliber Cybersecurity specialists is regarded as one of the solid foundations for ensuring the national Cybersecurity framework and realizing Vietnam’s aspiration to become a global information security superpower.

As Minister of Information and Communications (MIC) Nguyen Manh Hung shared: “We must build a team of Cybersecurity specialists as the core. Particularly in the field of Cybersecurity, both good experts and industry play an important role. In addition to enterprises and tools, there must be outstanding individuals. Due to the fact that the tool only tackles known vulnerabilities. Unknown vulnerabilities can only be addressed by experts.”

According to the Information Security Center (ISC), the global scarcity of cybersecurity talent is estimated at more than 2.7 million positions. Although this number is lower than last year’s figure of 700,000, it continues to demonstrate a significant shortage of cybersecurity personnel. This workforce shortage is most severe in the Asia-Pacific region, where an estimated 1.42 million individuals are required – the largest shortage of any region in the whole world. This problem is not an exception in Vietnam. According to the Information Security Department (Ministry of Information and Communications), the human resources in Cybersecurity have failed to meet the demand in terms of both quantity and quality, particularly in the locality. By the end of 2020, Vietnam’s civilian force in Cybersecurity is estimated to consist of 50,000 individuals, while by 2021, we will require approximately 700,000 individuals. Therefore, Vietnam faces a paucity of human resources in Cybersecurity.

This significant demand creates extremely potential opportunities for those who are pursuing the field of cybersecurity with salaries and benefits that are considered one of the most attractive in the labor market today. However, the journey to pursue the path of becoming engineers and cybersecurity experts will also face many difficulties and challenges.

In fact, cyberattacks around the world, including in Vietnam, have grown in scope, complexity, and sophistication, with an increasing level of destruction. As a result, the quality of Cybersecurity human resources is another issue that requires consideration. Many young individuals who are interested in the Cybersecurity industry, or those who are studying and have a passion for this field, are still unsure about the path and direction of their personal growth in the Information Security industry.

With the objective of providing young personnel in the cybersecurity industry with a clear understanding of the industry, direction, and motivation to pursue careers as future cybersecurity experts, Cyber Security Technology Village organized the Seminar: “Cyber Security Training in Vietnam” within the framework of the TECHFEST 2022 series of events hosted by the Ministry of Science and Technology. Students and IT personnel who are interested in cybersecurity will find this event to be extremely beneficial and informative due to the participation of top-tier cybersecurity experts.

Register for the Workshop here: https://forms.gle/obX1Ka6JgEgYfHgQ9