Story image

Vietnam CERT plays major part in ASEAN cyber response drill

13 Sep 17

Vietnam’s Computer Emergency Response Team (VNCERT) conducted a major ASEAN CERT Incident Drill this week, which brought together emergency response teams from five different countries.

This year’s drill involved representatives from different ministries, sectors and localities from Southeast Asia, Australia, China, Japan, India and South Korea.

The drill, titled ‘Prevention of the dangers of lack of authentication and weak access control’, was also used to create scenarios for the various CERTs involved in the processing, investigation, analysis, troubleshooting and incident reporting.

The aim was to strengthen and maintain smooth communication between countries and their responses to network emergencies.

Deputy Minister of Information and Communications, Nguyen Thanh Hung also attended the drill and delivered the opening speech.

He also required the Vietnam CERT and other unity to develop their drill completion capacity and to comply with all international regulations in their common activities.

VNCERT states that Vietnam cyberspace is plagued with incidents. As of September 8 2017, VNCERT has been involved in recording and handling 1762 phishing scams, 4595 malware attacks and 3607 defacement attacks.

In a report by cybersecurity firm FireEye, researchers suspect that cyber espionage actors APT32, also known as OceanLotus Group, were behind many attacks against companies with business interests in Vietnam.

“Since at least 2014, FireEye has observed APT32 targeting foreign corporations with a vested interest in Vietnam’s manufacturing, consumer products, and hospitality sectors,” FireEye researcher Nick Carr says.

One of the suspected attacks was against Vietnamese and foreign-owned corporations in network security, technology infrastructure, banking and media. The attack occurred in 2016.

Between 2016 and 2017, Vietnam-based subsidiaries of US and Phillipine consumer products companies were also targeted.

According to Carr, APT32 actors once used a spear phishing attachment that was called ‘Plans to crackdown on protesters at the Embassy of Vietnam.exe’.

In 2015 and 2016, two Vietnam-based media agencies were also targeted with malware suspected to belong to APT32, and this year the group has used social engineering content to go after Vietnamese targets in Australia.

“APT32 operators appear to be well-resourced and supported as they use a large set of domains and IP addresses as command and control infrastructure,” he says in the blog.

Carr believes that APT32 is a cyber espionage group aligned with Vietnamese government interests.

“Targeting of private sector interests by APT32 is notable and FireEye believes the actor poses significant risk to companies doing business in, or preparing to invest in, the country. While the motivation for each APT32 private sector compromise varied – and in some cases was unknown – the unauthorized access could serve as a platform for law enforcement, intellectual property theft, or anticorruption measures that could ultimately erode the competitive advantage of targeted organizations,” he concludes.

Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Malware downloader on the rise in Check Point’s latest Threat Index
Organisations continue to be targeted by cryptominers, despite an overall drop in value across all cryptocurrencies in 2018.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.