The report covers the main points of the information security situation in the first 6 months of 2024, publishes statistics on information security work, and recommends measures to strengthen information security in the coming period.
Regarding the overview of the domestic information security situation, the report notes data encryption attacks targeting large organizations and enterprises. The attack does not stop at the application server but also targets the virtualization infrastructure, storage, and data backups in order to encrypt and destroy all backups.
Overview of the information security situation of shared data centers: in general, the network systems and information systems located in shared data centers are subject to various forms of cyber attack, but no significant damage has been recorded.
Regarding forms of cyber attack from the internet, attacks exploit security vulnerabilities of information systems. Regarding the server systems, many servers were found infected with malware, used as a springboard for further attacks, or attacked from within; many servers do not maintain regular security patches and updates for the operating system and underlying software.
For users, it is notable that many internal user computers/devices were found connecting to Command and Control (CnC) servers. Controlling connections to these servers is very important in mitigating cyber attacks and protecting user data.
- Common phenomena:
+ User computers recorded connecting to botnets and CnC servers (58 devices)
+ Account information leaked and sold online (155 accounts)
- Common causes:
+ Using cracked software (operating system, office software, ...)
+ Using software of unknown origin
+ Accessing websites and advertising links that have been infected with malicious code
+ Reusing the same password when creating accounts for online services
Recommendations on measures to enhance information security for information systems
- Complete and implement security assurance for information systems at all levels.
+ Ensure full technical solutions according to the requirements of each level
+ Regulations on operation and information security assurance (information security incident response process)
+ Fully deploy technical solutions at all layers (network, server, application, data)
- Implement information security assurance according to the 4-layer model:
+ On-site force (building specialized information security human resources; building a SOC; monitoring 100% of important information systems)
+ Professional monitoring and protection services
+ Periodic information security inspection and assessment services
+ Connecting and sharing with the NCSC
- Some essential measures to take with the server
+ Ensure the ability to apply, and maintain, security patch updates (operating system, software)
+ Harden servers and applications (authorization, connectivity, ...)
+ Limit the attack surface (network connection, geography, ...)
+ Ensure a minimum baseline: antivirus with centralized management, log forwarding to the SOC
+ Data backup (periodic; 3-2-1 rule; verified restorability)
- For system administrators
+ Computers and devices used for administrative connections must not use cracked software, software of unknown origin, or untrusted software, etc.
+ Minimum baseline: antivirus with centralized management
+ Only use secure connections when performing administration
- Keep up to date with warnings and recommendations for overcoming information security risks from the Department of Information Technology and Communications (Department of Information Security, NCSC under the Ministry of Information and Communications; Government Cipher Committee; Ministry of Public Security, etc.)
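As an added illustration of the backup guidance above (the 3-2-1 rule, verified restorability, and the attacks on virtualization, storage and backup infrastructure noted at the start of the report), and not part of the report itself: a Python check over a constructed backup inventory. The inventory, platform names and the 90-day restore-test window are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass(frozen=True)
class BackupCopy:
    name: str
    medium: str                        # "disk", "tape", "object-storage", ...
    site: str                          # where the copy physically lives
    platform: str                      # infrastructure holding it (hypervisor, SAN, bucket, ...)
    immutable: bool                    # backup credentials cannot alter or delete it
    last_restore_test: Optional[date]  # None = restore never verified

def check_backup_policy(system, copies, prod_site, prod_platform, today,
                        max_test_age=timedelta(days=90)):
    """Return a list of findings; an empty list means the policy is met."""
    findings = []
    # 3 copies, on 2 different media, 1 of them away from the production site
    if len(copies) < 3:
        findings.append(f"{system}: {len(copies)} copies, need at least 3")
    if len({c.medium for c in copies}) < 2:
        findings.append(f"{system}: all copies on one medium, need 2")
    if not any(c.site != prod_site for c in copies):
        findings.append(f"{system}: no off-site copy")
    # A copy on the same virtualization/storage platform as production is
    # encrypted or wiped together with production, as the report describes.
    for c in copies:
        if c.platform == prod_platform:
            findings.append(f"{system}/{c.name}: stored on production platform {prod_platform}")
    if not any(c.immutable for c in copies):
        findings.append(f"{system}: no immutable or offline copy")
    # Restorability: every copy needs a recent, successful restore test.
    for c in copies:
        if c.last_restore_test is None or today - c.last_restore_test > max_test_age:
            findings.append(f"{system}/{c.name}: restore not tested in {max_test_age.days} days")
    return findings

# Constructed sample inventory (assumed values, not from the report)
TODAY = date(2024, 7, 1)
WEAK = [  # snapshot on the production hypervisor plus an untested NAS copy
    BackupCopy("vm-snapshot", "disk", "hq", "vsphere-prod", False, date(2024, 1, 5)),
    BackupCopy("nas-copy", "disk", "hq", "nas-1", False, None),
]
GOOD = [  # three copies, three media, one off-site, two immutable, all tested
    BackupCopy("local-disk", "disk", "hq", "backup-appliance", False, date(2024, 6, 20)),
    BackupCopy("offsite-object", "object-storage", "cloud-region-b", "s3-locked", True, date(2024, 6, 15)),
    BackupCopy("tape", "tape", "vault", "lto-library", True, date(2024, 5, 30)),
]

if __name__ == "__main__":
    for finding in check_backup_policy("erp", WEAK, "hq", "vsphere-prod", TODAY):
        print(finding)
```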
Measures to enhance information security for users
+ Regularly disseminate and update knowledge, and raise user awareness of information security (the Ministry's rules and regulations on information security, legal regulations on ensuring network information security, ...)
+ Use licensed software and antivirus software on workstations
+ Special note:
Do not use cracked software, software of unknown origin, or untrusted software
Be careful when accessing unfamiliar websites and links, ...
Beware of email: fake, scam, and malicious content
Use strong passwords and change them regularly; do not share passwords