On April 1, 2025, Viettel Threat Intelligence released a comprehensive report detailing the escalating risks to information security in Vietnam. This report, grounded in data from Viettel's Threat Intelligence system, highlights a troubling surge in cyberattacks throughout 2024, revealing not only the scale of these attacks but also their increasingly sophisticated nature.
According to the report, over 10 Terabytes of data were encrypted due to various cyberattacks, resulting in an estimated financial loss of nearly 11 million USD. This alarming trend underscores the severity of the cybersecurity landscape in Vietnam, where the Finance and Banking sector remains the primary target, accounting for a staggering 71% of total attacks.
Additionally, the report indicates that 14.5 million accounts were leaked in Vietnam during 2024, representing 12% of the global total. These breaches have led to a substantial increase in the sale of personal and corporate information on various online platforms, heightening the risk for organizations and individuals alike.
The report also noted a significant rise in phishing attacks, with over 4,000 fraudulent domain names recorded—a decrease of approximately 30% from the previous year. However, the number of counterfeit pages using trademarks illegally surged threefold, nearing 1,200 pages. This shift highlights the evolving tactics employed by cybercriminals, who are increasingly using advanced technologies such as artificial intelligence (AI) to create more convincing phishing emails and websites.
Moreover, the number of Distributed Denial-of-Service (DDoS) attacks reached over 924,000 in 2024, marking a 34% increase compared to 2023. Some of these attacks exceeded 1 Terabit per second, targeting financial institutions, public services, and technology companies, causing significant operational disruptions.
As cyber threats continue to evolve, Viettel's report outlines four key trends anticipated for 2025. First, the use of AI in cyberattacks is expected to intensify, with attackers leveraging AI to develop harder-to-detect malicious code and orchestrate sophisticated spoofing campaigns involving voice, image, and video.
Second, the rise of Internet of Things (IoT) devices and Blockchain technology will present new vulnerabilities, as hackers target devices with inadequate security and cryptocurrency trading platforms, posing substantial risks to financial and personal data.
Third, the Ransomware-as-a-Service (RaaS) model is likely to gain traction, enabling individuals without technical expertise to launch ransomware attacks using complex encryption techniques. This model democratizes cybercrime, making it accessible to a wider range of perpetrators.
Lastly, the prevalence of Fileless Malware attacks is anticipated to increase. These attacks exploit RAM memory and system administration tools like PowerShell, complicating detection and remediation efforts for traditional security systems.
In light of these evolving threats, Viettel Cybersecurity Company has issued several recommendations for businesses to bolster their defenses. First and foremost, organizations should establish a 24/7 information security monitoring system to promptly detect and respond to attacks. Implementing a modern management model, such as zero-trust architecture, can help control access and mitigate unauthorized intrusions.
Regularly scanning for and patching security vulnerabilities is also crucial, as is conducting periodic security assessments throughout the supply chain to prevent attacks via third-party partners. Investing in advanced security technologies, such as External Attack Surface Management (EASM), Security Operations Centers (SOC), and Anti-DDoS solutions, is essential for protecting critical information assets.
Lastly, cultivating a culture of information security through regular training and incident response drills will help minimize risks associated with human error.
The findings presented in this report serve as a critical wake-up call for individuals and organizations in Vietnam to proactively engage in safeguarding their information assets against an increasingly hostile cyber environment. As the digital landscape continues to evolve, so too must the strategies employed to protect it.
