
Security holes – ‘fertile ground’ of hackers


Not only start-ups that are new to the market but even the world’s technology giants can reveal their “Achilles heel” and become victims of cyber attacks.

Today, information security has become a vital requirement for all businesses, organizations and individuals in the face of unpredictable threats from security holes.

Hacker’s “fertile land”

In early 2010, about 5,000 Iranian centrifuges at the nuclear plant in Natanz went “crazy” in a cyber attack that left Tehran unable to react in time. The perpetrator, identified as the Stuxnet virus, exploited an unpatched security vulnerability in Windows, known as a zero-day vulnerability, to take control of the computers that control the centrifuges used for uranium enrichment.

Security experts estimate that the attack of the “cyber missile” Stuxnet delayed the development of Iran’s ambitious nuclear program by about two years. This is also one of the largest and most damaging Zero-day attacks in the world.

In the current era of rapid digital transformation, with countless technological applications in everyday life, security holes have become fertile ground for hackers to attack and profit, causing harm to billions of Internet users around the world in general and in Vietnam in particular. According to statistics from Cybersecurity Ventures, global cybercrime caused losses of 6 trillion USD in 2021, and this figure is estimated to reach more than 10 trillion USD by 2025.

From information security at start-ups

In Vietnam, according to statistics, the damage caused by computer viruses reached a new record in 2020, exceeding 1 billion USD. In 2021, security holes will increase as many organizations and businesses are forced to open their systems to the Internet so that employees can access them and work remotely during the pandemic.

Experts recommend that businesses develop a long-term information security strategy that closely follows the characteristics of their production activities. They also need to standardize the regulations and procedures that support information security, such as procedures for prevention, incident handling, incident investigation and crisis response when information security is at risk.

Enterprises also need to ensure information security for end users by regularly implementing awareness raising activities, equipping all leaders and employees with skills to ensure network safety and security.

Start-ups with limited finances often neglect to invest in information security. However, reality shows that many start-ups have paid a heavy price for this complacency. Experts recommend that the moment a company is founded is the best time to build a security culture, even with limited financial resources. The company also needs to control security throughout the product development and deployment lifecycle by applying standards, equipping the team with information security knowledge, operating the application securely, and controlling the utilities provided by third parties.

Even billion-user software… is still “missing”

Hackers not only attack international software with billions of users but also target home-grown technology products in countries with a potential base of Internet users.

In early August 2021, hackers posted for sale many security holes that could be used to take over user accounts of Zalo and Zalo Pay – the leading popular chat and payment applications in Vietnam, with more than 100 million users. If these vulnerabilities were exploited, hackers could view all private messages, photos, and data for a long time without the victim knowing!

Fortunately, this “fatal flaw” was detected and reported in a timely manner by the security experts of VinCSS Cyber Security Service Company, helping Zalo to fix it and leaving no regrettable consequences. Information about the security holes and the remediation process has been published widely to the community by VinCSS, becoming a reference for businesses and anyone interested in network security.

A study on the exploit chain in the Zalo application was published on VinCSS’s blog

According to VinCSS, the cybersecurity company of Vingroup, over the past three years the company’s expert team has discovered more than 100 security holes in many well-known, globally popular technology products, software, platforms and online services. In 2021 alone, VinCSS discovered 40 security holes, of which 37 were at a serious level or higher. Notably, technology giants such as Microsoft, Adobe, Oracle… are also on the list of products and software containing weaknesses discovered and announced by VinCSS.

In addition to vulnerabilities that directly affect end users, VinCSS also discovered many security weaknesses that hackers could use to attack large businesses and organizations. For example, expert Dang The Tuyen, who was continuously honored on Microsoft’s honor roll of outstanding security researchers in the period 2020 – 2021, has discovered 26 security holes, including 5 in ManageEngine – the world’s leading popular enterprise management and monitoring platform – provided by Zoho Group (India).

Expert Dang The Tuyen, a security researcher, is continuously honored by Microsoft for his valuable contributions

Currently, Vietnam is rising very quickly in the rankings of the global security research community, thanks to its many security experts who regularly top the rankings of Microsoft or Bugcrowd. This international recognition also affirms the capacity and efforts of domestic information security enterprises in helping to protect the safety and stability of cyberspace in the 4.0 era.

Minh Tuan
