7. August 2019
Vietnam Suffers Most Southeast Asia Offline Cyber Attacks Q2 2019
Vietnam’s Ministry of Information and Communication has published details of its incoming cyber attack statistics on its news site. The statistics were obtained from its cybersecurity partner Kaspersky, prior to the release of the 2019 Q2 Kaspersky Security Bulletin.
The report details a staggering 19 million online--27.7 percent of Vietnamese users--and 99 million offline--59.9% of users-- attacks in the first six months of 2019. Yeo Siang Tiong, Kaspersky Southeast Asia’s General Director, advised that this is a reduction from the previous quarter, which may indicate an increase in the implementation of governmental and societal security measures, according to the MIC.
RiskIQ, a USA-based cybersecurity multinational has just released their ‘Evil Internet Minute’ in which they detail how, globally, $2,900,000 USD is lost each minute to cybercrime. This is obviously, and necessarily, an issue high on everyone’s financial and security agendas.
With a population approaching the 100 million mark, of which 66% are engaged in Internet usage and 60% are mobile social media users, Vietnam is a country with rapid economic and digital growth. And where there is big growth, there are big opportunities for cybercrime. Unfortunately, Vietnam has been ranked as the third worst in the world for its cybersecurity, behind Algeria and Indonesia, ranked at positions 1 and 2 respectively for their poor scores.
Vietnam is in the midst of a digital war, just as it is in the midst of mobile social media lift-off. It has seen an increase of 16% in its social media usage since 2018. Smartphone usage is 72%, laptop/desktop usage is currently 43% of the adult population, and Vietnam is experiencing average usage of 6hrs 42min of internet access per day on any device. This is similar to the global average, but without the sort of cybersecurity which other countries with similar ‘screen times’ have spent years developing.
Rapid economic and digital expansion can often create a time lag in the adoption or dissemination of preventative measures to protect individuals and the wider national or global community as the region’s digital growth exceeds expectations. However events, such as the Vietnam Security Summit 2019, held on April 17th this year, boasted 1,700 delegates and visitors, and more than 55 sponsors and speakers, including Vietnam government officials and cybersecurity industry CEO’s, and business leaders, indicate an understanding of the need to implement a range of protective measures, fast.
The impact of cybersecurity measures cannot be viewed in parallel with on-the-ground physical security. The connected, fluid nature of cyberspace means that it manifests as a transnational threat which provokes, and of necessity, requires a transnational response. All nations are open to attack. Their capacity and preparedness to protect their assets also impacts those around them. Hackers will exploit the weakest link in any chain and therefore a strong, globally united front is one of the best defences.
With the raft of new threats to financial institutions, and potentially national security, comes a decision on how to manage the issue. The types of legislation vary widely across Southeast Asia, and the Asia-Pacific regions. Decisions on how to legislate will have a direct impact on the ability of financial institutions, media groups and individuals to interact with 3rd parties, through their devices and, unfortunately, has the potential to limit the growth of the very structures the legislation is aiming to protect and support.
The positioning of ‘cyberspace’ as a threat vector creates a starting point of fear and anxiety which can only be assuaged by the distribution of tighter and tighter means of control. The trifecta of ‘opportunity’, ‘information management’ and ‘data protection’ are in a constantly dynamic state, which needs to be held in fluid tension by global administrations, in order to keep their finance, industry, and societies safe.
Inevitably norms of behaviour are created through dialogue between different groups and the Council for Security Cooperation in the Asia Pacific is a case in point. The Council defines an arena which crosses a full spectrum of cultural concepts of dialogue and norms with its membership of 21 full members including Australia, Vietnam, Cambodia, China, and Russia. Concepts and ideologies translate equally to the cyber arena, even when their practical application has to be more technologically specific.
Vietnam’s Cyber Legislation
On 12 June 2018, the National Assembly of Vietnam passed its newest Cybersecurity Law. It came into force on the 1st January 2019, amidst global concerns regarding its potential to be utilised for repressive strategies in curbing ‘dissident’ voices in Vietnamese society.
Whilst these concerns are valid, it is important to remember that Vietnam is also involved with multi nation think tanks, within which dialogues creating guidance for stakeholders can occur. Positions beyond polarising ends of a spectrum can be explored, from which groups can seek understanding of multiple cultural standards and behaviours. After all, whilst governance and law comes out of the cultural bedrock of a society, it has opportunities to evolve with the changing times.
It can be seen as increasingly repressive, when it is held in comparison to another, a fact which matters very much at this digitally fast juncture in history. The populations of different countries are able to create comparisons from active positions of knowledge, of their respective polarities, thanks to the very mechanism that is potentially being restricted.
Generation Shut Down
With restrictions often comes a backlash. The development of a new and highly tech-savvy, mid-level affluent youth population could be seen to be a problem when this population is faced with the internal restrictions and censorship when it is aware that these are not globally the norm. The levels of Vietnamese spoken in hacker forums and on the dark web appears to have risen significantly in recent times.
Recent tension between global social media and the governance of Vietnam have heightened and the number of requests by national administration to media giants like Facebook has increased significantly. Alongside requests for removal of material from social media, there are discussions about the responsibility these giants have to keep lines of communication open between potentially opposing views, adding to the possibility of beneficial dialogue.
Conversely, it could be argued that any hacker development trend is also creating a population from which it can find the best cyber minds, and recruit them to provide the counter measures of the future.
The Global Risk Report produced by the World Economic Forum positions cyber-attacks and data breaches fourth and fifth on their list of serious risks to global stability and security.
Large scale aversive interventions can disrupt countries and regions as well as blocks and cities. Dependency on tech, on the Internet, and on devices is increasingly making people and nations susceptible to instability as a result of their level of connectedness. Possibilities of increased geopolitical tensions and reduced trust can arise as a result of divisive cyber attacks and include possible manipulation from malicious actors on the ideologies or ideas of a nation.
It could be argued that due to the faceless, cloaked nature of malicious cyber actors, there is always a possibility of provoking and manipulating aggressive responses from governments and institutions through the interconnected conduit of emotion and behaviour. Trigger one and get the other. This can be seen through the spread of fake news, which occurs as a result of a provoked response.
Lines of attack
On-line attack is the most lucrative attack position for organised gangs because of the large amounts of profit which can be made from a single point of entry by a metaphorical backdoor, or bulldozer. Local, offline attacks have evidently become much more common, with malicious actors targeting the wider population through the use of infected USBs, DVDs, CDs and external devices.
Corporate ransomware accounts for a large percentage of the profits these hackers reap, whilst utilizing local devices can ensure the distribution of viruses, worms, and other types of malware. Advanced phishing, cryptojacking, app fraud and, utilising Artificial Intelligence, the Internet of Things and home automation are all up and coming trends of cyber breach and cyber crime.
How we protect ourselves, our information, and our neighbours is an ongoing question. One which the numerous conferences and symposia pose to their thousands of delegates. It is one that has multiple answers and those answers change with the wind and the tide of external code, as it sweeps through our carefully constructed, but ultimately flawed and fragile systems. The only real answer is to progress forward with a united, flexible and adaptable, front, side and rear guard. Only by creating equally strong links will the vast numbers of adversaries be held sufficiently at bay. The apparent cross-cultural, inter organisational, and global cooperation seems to be a positive step in this direction.