Recently, just searching by Google with keywords related to betting and gambling, with the option of gov.vn, users can easily see many pages with the .gov domain name extension. vn files of state agencies have been "hacked" and advertising links have been inserted.
The reality on the Information Security Department and the Ministry of Information and Communications has been grasped. Through the cyber security monitoring system, recently, this agency has continued to detect that Vietnam's public information systems still regularly face risks and cyber attack campaigns. Among them, some state agency websites are still being exploited to install, post, redirect or link to inappropriate content.
The results of the review by the Information Security Department in mid-March 2023 showed that, of about 14,000 websites, with more than 6,900 .gov.vn domain pages of state agencies, at least 90 websites were detected being exploited to install, post, redirect or link to inappropriate advertising content such as card and gambling advertising... Of these, there are 67 websites under the management of 30 provinces and cities and 23 websites. The website is under the management of 12 ministries and branches. This inappropriate content is also displayed right on Google search results.
Experts from the Information Security Department said that state agencies' websites being installed, posted, redirected or linked to inappropriate content is not a recent situation. Although the authorities have warned, the review and implementation of measures to prevent and handle has not received due attention.
“This incident will become very dangerous and serious if it is taken advantage of to post and spread malicious content, distorting the Party's sovereignty, policies, and State policies and laws.”, experts from the Information Security Department further noted.
To limit, prevent, and handle the above situation early, from mid-March 2023, the Information Security Department has issued a document requesting specialized IT and information security units of ministries and branches to The locality reviews all websites under its management to detect and remove inappropriate content, take measures to handle and prevent the situation from being installed, posted, redirected or linked to the website from recurring. associated with inappropriate content.
Units are also recommended to strengthen monitoring and prepare treatment plans when detecting signs of network installation, exploitation, or attack; At the same time, regularly monitor warning channels of authorities and large information security organizations to promptly detect cyber attack risks.
Emphasizing that if "official" links of state agencies' websites are used to spread or redirect to scams or steal information, it will be very dangerous because users can easily fall into traps, Company experts said. NCS recommends that administrators urgently review their entire website system.
In particular, administrators need to focus on reviewing source code pages, paying special attention to files that are newly created or have a different creation time from most other files in the same directory. At the same time, change the administrative password and database access password if you have a weak password. “In addition, administrators should perform an overall network security assessment for the system and deploy automatic monitoring solutions to detect unusual changes, thereby promptly handling them.", NCS experts proposed.
According to https://ictnews.vietnamnet.vn/
