Bkav Corporation has just announced the analysis which showed that malware attacking Vietnam Airlines – the nation's flag air carrier also appeared in many other organizations and businesses.
Previously, July 29, Vietnam Airlines website was defaced with image of the hacker group 1937cn, data of more than 400,000 Golden Lotus customers was leaked online. Besides, audio and screen systems at Tan Son Nhat and Noi Bai, two bigest airports in Vietnam, were modified to spread distortions about the East Sea. Right at night of July 29th, in related writing on Vietnam leading cyber security forum WhiteHat.vn, Bkav experts said that to carry out this attack hacker had penetrated deeply into the system, using spyware to monitor and control the administrator's machine.
According to the analysis results of Bkav Malware Research department, malware after breaking into computers will deguise itself as an anti-virus software to hide for a long time without being detected.
Malware frequently connects to C&C server by sending data through domain Name.dcsvn.org (an imitation of the website of the Vietnam Communist Party) in which a name can be customised as per the specific names of organisation or busninesses.
The malware is capable of collecting accounts and passwords, receiving commands from hacker to control victim machine remotely, performing malicious actions such as deleting traces, changing audio files, displaying information on screen system, encrypting data etc. Additionally, malware also has components specialized to manipulate SQL databases.
Mr. Ngo Tuan Anh, Bkav Vice President in charge of Cyber Security, said: "Bkav has tracked spyware network carrying out Advanced Persistent Threat (APT) attacks in Vietnam since mid year 2012. The analysis result shows that malware attacking Vietnam Airlines also appeared in many organizations and businesses including government entities, corporations, banks, institutes and universities. This issue has been repeatedly warned by Bkav."
Currently, Bkav has released a free tool for scanning malware which can be downloaded at: Bkav.com.vn/ScanSpyware. This tool requires no installation. Bkav Endpoint and Bkav Internet Security user will be protected as these software are updated automatically with malicious patterns.
Bkav
- Viet Nam cyber security overview in 2017 and predictions for 2018
- New variant of Mirai malware targeting IoT devices in Vietnam
- More than 5,000 Linux system in Vietnam affected by serious flaw Dirty COW
- Malware attacking Vietnam Airlines appears in many other agencies
- Warning on malware hijacking smartphones in fake Pokémon GO
- Luật ATTT mạng số 86/2015/QH13 ra đời năm 2015
- Nghị định 85/2016/NĐ-CP
- Chỉ thị 14/CT-TTg năm 2018
- CT 14/2019, BTTT-CATTT
- Công văn số 2973/BTTTT-CATTT năm 2019 Hướng dẫn triển khai hoạt động giám sát an toàn thông tin trong cơ quan, tổ chức nhà nước hướng dẫn CQNN
- Công văn số 235/CATTT-ATHTTT năm 2020 hướng dẫn mô hình bảo đảm an toàn thông tin cấp Bộ, Tỉnh.
Mức cảnh báo: Nguy hiểm
Cảnh báo: Lỗ hổng thực thi mã từ xa trên Zimbra