Vietnam Struggling to Contain Growing Cybercrime Ecosystem
Credential Theft Operators Target Banks and Financial Services to Earn Millions
The Vietnamese government recorded more than 20 million cyberattack alerts between January and March, 33% more than in the same period last year. The surge in attacks coincides with rising cases of credential theft by hackers on banks and financial institutions, both in Vietnam and abroad.
Lt. Gen. To An Xo, formerly the chief and currently spokesperson for the Ministry of Public Security, said in a press conference on April 3 that cybercriminals targeted the networks of many agencies and organizations, locking businesses out of their systems, stealing tens of gigabytes of data and defacing official websites.
The government launched a crackdown on individuals and groups that conducted more than 600 online scams in the period to steal over $4 million from victims, he said. Law enforcement authorities arrested 377 people, and more arrests are expected.
Xo's statement follows the Ministry of Information and Communications' Authority of Information Safety asking government agencies, organizations and businesses to take "drastic measures" to protect their information systems amid a major surge in cyberattacks.
"Many information incidents have been reported recently, causing losses in property and harming the reputation of agencies, organizations and businesses as well as the national information security," the authority said.
AIS urged organizations and businesses to complete cybersecurity evaluations of their information systems by April 15, prepare incident response plans, make arrangements to back up systems and important data, and periodically perform threat hunting activities to detect threats.
Data from cybersecurity company Kaspersky shows Vietnamese organizations faced the highest number of cyberattacks in Southeast Asia - 17.1 million attacks - in 2023, compared to 14.6 million faced by Indonesia, whose economy is almost three times larger.
Rise of Info Stealer Campaigns
The increase reflects the growing capabilities of Vietnamese cybercrime groups that have acquired sophisticated tools and tactics over the years to enhance their success rate. Security researchers have, in particular, noted frequent use of info stealer malware by Vietnamese hacker groups to steal corporate credentials.
Cybersecurity company Group-IB said in February that Vietnamese hackers used VietCredCare, a stealer malware, to compromise credentials at 21 domestic banks, four e-commerce platforms, 12 major Vietnamese enterprises, nine Vietnamese government agencies and other organizations.
Hackers used the compromised credentials for financial gain by selling them to the highest bidders or to access corporate systems and data to perpetrate further criminal activities. The info stealer also helped adversaries compromise the Facebook accounts of prominent businesses to commit financial scams.
The cybersecurity company also observed Vietnamese hackers using the GoldDigger banking malware in 2023 to steal credentials from 51 Vietnamese financial apps, e-wallets and cryptocurrency applications. The malware could harvest second credentials issued for two-factor authentication and implement keylogging functions, allowing it to capture credentials (see: GoldDigger Banking Malware Targets Vietnamese Android Users).
Vietnamese Hackers Going Global
During the pandemic, cybercriminals based in Vietnam expanded their credential theft operations on a mass scale, finding new ways to breach corporate firewalls worldwide to enable further crimes such as ransomware attacks.
Microsoft announced in December that it obtained a court order to seize U.S.-based infrastructure used by Vietnamese cybercrime group Storm-1152, which sold hundreds of millions of fraudulent Microsoft accounts and tools to bypass identity verification software across well-known technology platforms.
"Storm-1152 created for sale approximately 750 million fraudulent Microsoft accounts, earning the group millions of dollars in illicit revenue and costing Microsoft and other companies even more to combat their criminal activity," the technology giant said.
Microsoft said ransomware groups and other cybercrime operators engaged in data theft and extortion bought millions of fraudulent Microsoft accounts from the Vietnamese group to breach corporate defenses, gain access to sensitive systems and data, and launch second-stage attacks to ultimately extort victims.
"This allows criminals to focus their efforts on their ultimate goals of phishing, spamming, ransomware and other types of fraud and abuse. Storm-1152 and groups like them enable scores of cybercriminals to carry out their malicious activities more efficiently and effectively," Microsoft said.
Vietnam-based hackers also used the DarkGate information stealer malware - as well as Ducktail, Lobshot and Redline Stealer - to target the digital marketing sector in the United Kingdom, the United States and India last year. According to security firm WithSecure, hackers tricked marketing professionals into downloading malicious files masquerading as job descriptions and salary details (see: Vietnamese Hackers Hit Digital Marketers With Info Stealers).
DarkGate malware, first observed in 2017 and used frequently by Vietnam-based hackers, can perform a range of actions, including keylogging, privilege escalation, cryptocurrency mining, stealing information from browsers and acting as a "dropper" to install additional malware, including remote access software.
Government Crackdown Inefficient
The growing domestic cybercrime industry in Vietnam has victimized millions of citizens too. A report from the Global Anti-Scam Alliance and the Anti-Fraud Social Project in Vietnam says that Vietnamese citizens lost an equivalent of $737 on average to online scams in 2023.
The report found that as much as 70% of the population is exposed to online scams, and the nation lost about $16.23 million to online scams in the calendar year. Recognizing the growing crisis, the government has taken a few measures to make it difficult for criminals to use telecommunications and the internet to perpetrate scams.
The Information and Communications Ministry has given mobile telecom companies until April 15 to deactivate all pre-activated SIM cards, also known as "junk" SIMs, and to ban the sale of such SIM cards at retail points to eliminate anonymous text-based and phone-based scams.
Vietnam passed a national data protection law in 2023 and continues to claim major law enforcement victories against cybercrime, but rising cybercrime incidents affecting the banking and financial sector indicate that the cybercrime industry has largely avoided the government crackdown.
The government has chosen to pass the blame to the private sector. In August, the Authority of Information Security bemoaned a lack of seriousness among organizations to ensure the security and privacy of citizens' personal information. This resulted in frequent data leaks and breaches and exposed the nation's inability to safeguard citizens' data, DIS said.
The authority's deputy head for planning and development, Đỗ Hải Anh, said Vietnam-based organizations' awareness about personal information protection remains low. "Information providers were careless, supplying data indiscriminately, especially on social media," she said.
Vietnam has more than 75 million internet users, close to 70,000 digital technology enterprises and an ICT industry worth $150 billion. Yet, according to DIS data, the country has only 3,600 information security workers across government and private sectors - about one-tenth of the workforce the country needs to adequately secure information assets.
Considering the critical shortage of information security personnel in the country, the data protection law, passed in July last year, gave small and medium enterprises a grace period of two years to appoint data protection officers and data protection departments to oversee the security and privacy of personal data.
DIS has threatened to conduct inspections and audits at organizations that collect and process citizens' personal information on a large scale to verify their compliance with the data protection law. Such organizations include telecommunications companies, social media companies and multiple-user platforms.