JavaScript is off. Please enable to view full site.

Information insecurity a threat to everyone

Information insecurity a threat to everyone

Thursday, December 09, 2021, 10:38 GMT+7
Information insecurity a threat to everyone
Information insecurity in the digital age has become a threat to individuals, businesses, and organizations. Photo: B.C. / Tuoi Tre

Cyber attacks have revealed the Achilles heel of not only new startups in the market, but also the world’s technology giants.

The attack on an advanced centrifuge development and assembly plant at Iran’s Natanz uranium enrichment facility in 2010 exhibited the complexity of the Stuxnet virus that sabotaged Iranian enrichment centrifuges. 

Up to 1,000 centrifuges out of 5,000 were eventually damaged by the virus, which attacked Windows systems using an unprecedented four Zero-day exploits, according to reports.

This is also one of the largest and most damaging Zero-day attacks in the world.

A Zero-day is a computer-software vulnerability either unknown to those who should be interested in its mitigation or known and a patch has not been developed. 

Until the vulnerability is mitigated, hackers can exploit it to adversely affect programs, data, additional computers or a network in order to carry out illegal actions, causing damage to individuals and businesses.

In the current era of strong digital transformation with countless technological applications in life, security holes have created a fertile ground for hackers to profit from and cause harm to billions of users on the Internet.

The affected users can be individuals in financial frauds, cases of distribution of sensitive information, agencies, and organizations. 

Hackers will take advantage of vulnerabilities to attack and embed malicious codes in software to control the systems of their targets. 

The SolarWinds hack was a notorious example as up to 18,000 SolarWinds customers were thought to have originally received the malicious code while nine federal agencies and about 100 private sector companies were compromised.

Information security at startups

According to statistics, damage caused by computer viruses reached a new record in Vietnam, exceeding US$1 billion in 2020. 

In 2021, security holes have increased as many organizations and businesses are forced to open their systems to the Internet so that employees can access and work remotely during the COVID-19 pandemic.

This screenshot shows an entry regarding the information security case of Zalo posted on VinCSS’s blog.

This screenshot shows an entry regarding the information security case of Zalo posted on VinCSS’s blog.

Experts recommend that businesses build a long-term information security strategy, as well as regulations and procedures to prevent, handle, investigate, and respond to crises in case of information security loss.

It is also necessary for enterprises to ensure information security for end users, one of the links containing the most weaknesses, by regularly implementing awareness-raising activities and equipping them with skills to protect network security.

Enterprises can consult experts or refer to standard programs to build their own that is closest to their business conditions. 

At the same time, businesses should also conduct independent cyber security assessments and red teaming campaigns through professional information security testing service companies to review their current security response and protection capabilities.

However, startups with limited financial conditions often neglect to invest in information security. 

Experts recommend that the building phase of a company is the best time to grow a security culture, even with small financial potential. 

Companies need to control security throughout the life cycle of their products by applying information security standards such as OWASP, providing information security knowledge for application development and operation teams, and controlling utilities supplied by third parties.

Giant brands among the targets

Hackers not only attack international software with billions of users but they also target local technology products in countries with a large market of Internet users. 

Experts say that with 70 percent of the population using the Internet and utilities such as social networks, Vietnam is considered a very attractive target for cybercriminals.

In early August, hackers put many security holes for sale to take over user accounts of Zalo and Zalo Pay -- the leading chat and payment applications in Vietnam with more than 100 million accounts.

Pundits believe that if those vulnerabilities are mastered, hackers can easily access Zalo user accounts and view all messages, photos, and private data.

However, VinCSS Internet Security Services LLC timely detected the fatal vulnerabilities, helping Zalo to fix them and leaving no consequences.

VinCSS also widely shared information about the security breaches and its resolution with the community, which then became a reference for businesses and people interested in network security, as well as a reminder for users to increase vigilance of information security.

VinCSS’s expert Dang The Tuyen. Photo: B.C. / Tuoi Tre

VinCSS’s expert Dang The Tuyen. Photo: B.C. / Tuoi Tre

According to VinCSS, its experts have discovered more than 100 security holes in many globally popular technology products, software, online platforms, and services in the past three years. 

In 2021, VinCSS detected 40 security loopholes, of which 37 were at a serious level or higher, including those from such technology giants as Microsoft, Adobe, and Oracle.

For example, expert Dang The Tuyen, who was honored by Microsoft as one of the outstanding security researchers in the 2020-21 period, has found 26 security vulnerabilities, including five in ManageEngine -- the world’s leading popular business management and monitoring platform developed by India’s Zoho Group.

If ManageEngine is hacked, it will leave a serious impact on global customers, including nearly 10 major banks and the top corporations and businesses in technology, finance, real estate, insurance, and so on.

Tuoi Tre News

More

Read more

;

VIDEOS

‘Taste of Australia’ gala dinner held in Ho Chi Minh City after 2-year hiatus

Taste of Australia Gala Reception has returned to the Park Hyatt Hotel in Ho Chi Minh City's District 1 after a two-year hiatus due to the COVID-19 pandemic

Vietnamese woman gives unconditional love to hundreds of adopted children

Despite her own immense hardship, she has taken in and cared for hundreds of orphans over the past three decades.

Latest news