
Top Cybersecurity News (Nov 15 - Nov 21)

 

Let’s join VNCS in reviewing the most prominent cybersecurity news from the past week (November 15, 2024 - November 21, 2024) in the “Weekly Highlights” section:

 

A. AROUND THE WORLD


1. Google Warns of Rising Cloaking Scams


According to The Hacker News, Google recently revealed that hackers are increasingly using cloaking techniques to disguise real websites and replace them with fake ones. This method, commonly used in SEO (Search Engine Optimization) and other online activities, involves showing search engines and web crawlers different content or URLs from what users see.

 

Laurie Richardson, Vice President and Head of Trust and Safety at Google, stated: “Phishing websites often mimic well-known brands and create a sense of urgency to manipulate users into purchasing counterfeit or non-existent products.”

 

Additionally, when users click on ads, they are redirected to scareware pages claiming their devices are infected with malware. These pages then direct them to fake customer support sites designed to trick users into revealing sensitive information.

 

(Source: varutra.com) 

 

2. Tens of Thousands of Domains Compromised in "Sitting Ducks" Attack Campaign


Cybersecurity experts worldwide have discovered that 70,000 domains were compromised in a large-scale attack campaign dubbed "Sitting Ducks." This campaign exploits vulnerabilities in DNS systems to hijack legitimate domains, subsequently using them for phishing attacks and fraudulent investment schemes.

 

The "Sitting Ducks" attack is considered both easy to execute and difficult to detect, partly due to the inherent credibility of many of the hijacked domains. Victims include a variety of entities, such as an entertainment company, an IPTV service provider, a law firm, an aesthetic equipment supplier, an online fashion store in Thailand, and an auto parts distributor (specific names were not disclosed).

 

Additionally, cybercriminal groups like Vacant Viper, Horrid Hawk, and Hasty Hawk have employed this method to execute a range of malicious activities, including phishing, malware-laden spam, investment scams, and malware distribution. This campaign poses a significant risk to businesses and individuals, who may fall prey to these attacks via legitimate but compromised websites.

 

3. Iranian Cybercriminals Target Aerospace Employees on LinkedIn


Dark Reading reports that hackers believed to be from Iran have impersonated recruiters on LinkedIn to target personnel in the aerospace industry as part of a new espionage campaign. The attackers used fake recruitment websites and LinkedIn profiles to distribute documents that appeared legitimate but contained malicious code, such as SnailResin malware.

 

According to prior research by Mandiant (a Google subsidiary), these Iranian-affiliated hackers have previously targeted the aerospace, aviation, and defense sectors in Israel, the UAE, and potentially Turkey, India, and Albania. The current campaign is thought to be an updated version of earlier attacks documented by Mandiant.

 

Experts highlight that leveraging a trusted platform like LinkedIn enables hackers to bypass traditional security measures designed to detect suspicious emails or websites, thereby increasing the effectiveness of their espionage efforts and malware distribution.

 

4. Google Releases "Cybersecurity Forecast 2025" Report


Recently, Google unveiled the “Cybersecurity Forecast 2025,” a comprehensive document that predicts key trends in the cybersecurity industry for 2025, identifies emerging threats, and provides practical security strategies for organizations and businesses. The report draws on research by Google Cloud Security leaders, with contributions from dozens of analysts, researchers, incident response experts, and cybersecurity engineers.

 

According to experts, 2025 is expected to witness several critical cybersecurity threats, including:

 

+ AI-Powered Attacks: Hackers are anticipated to leverage AI for more sophisticated attacks such as phishing (email scams), vishing (voice scams), and social engineering. Additionally, deepfake technology will likely see increased use in identity theft, fraud, and bypassing security systems.

 

+ Ransomware and Extortion Tactics: Ransomware attacks and advanced extortion methods are projected to remain significant threats, causing widespread disruption across industries and nations.

 

+ Information-Stealing Malware: Malware designed to steal information will continue to be a major risk, leading to data breaches, account compromises, and widespread security violations.

 

+ Web3 and Cryptocurrency Heists: Cybercriminals are increasingly targeting Web3 and cryptocurrency organizations to steal digital assets, highlighting the need for enhanced security measures in these sectors.

 

 (Source: Google Cloud)

 

5. Fake Websites Exploit Black Friday to Steal Consumer Information


Global cybersecurity outlets have recently issued warnings about the emergence of fake websites set up to exploit Black Friday, the biggest shopping event of the year, to steal consumer information. These phishing campaigns target e-commerce shoppers in Europe and the United States by impersonating the branding and visuals of well-known companies, with the goal of stealing personal information. Attackers promote discounted products as bait to trick consumers into providing Cardholder Data (CHD), Sensitive Authentication Data (SAD), and Personally Identifiable Information (PII).

 

Additionally, the phishing domains use top-level domains (TLDs) such as .top, .shop, .store, and .vip, often employing typosquatting — a technique that involves hijacking URLs, poisoning legitimate sites, or creating fake URLs (e.g., northfaceblackfriday[.]shop). These websites promote non-existent discount deals while stealthily collecting visitor information.

 

Furthermore, users are prompted to provide their phone numbers, a tactic experts believe is likely intended to facilitate follow-up smishing (SMS phishing) and vishing (voice phishing) attacks. These attacks aim to collect further sensitive information.
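A triage heuristic that a brand-protection or SOC team could run over newly observed domains to surface the pattern described above. It is an added example, not part of the original report: the TLD set and `northfaceblackfriday[.]shop` come from the article, while the brand watchlist, lure keywords, similarity threshold and other sample domains are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

WATCHED_TLDS = {"top", "shop", "store", "vip"}   # TLDs named in the article
BRANDS = {"northface": "thenorthface.com"}       # assumed watchlist: token -> official domain
LURE_WORDS = ("blackfriday", "cybermonday", "sale", "deals", "outlet", "discount")  # assumed

def refang(domain: str) -> str:
    """Normalise a defanged indicator such as example[.]shop to example.shop."""
    return domain.strip().lower().replace("[.]", ".").rstrip(".")

def brand_hit(label: str):
    """Return the watched brand that the label contains or closely resembles."""
    stripped = label
    for word in LURE_WORDS:                      # drop lure words before fuzzy matching
        stripped = stripped.replace(word, "")
    stripped = re.sub(r"[^a-z0-9]", "", stripped)
    for brand in BRANDS:
        if brand in label or SequenceMatcher(None, brand, stripped).ratio() >= 0.85:
            return brand
    return None

def assess(domain: str) -> dict:
    host = refang(domain)
    labels = host.split(".")
    # Naive registrable label: does not handle multi-part suffixes such as co.uk.
    tld, label = labels[-1], labels[-2] if len(labels) > 1 else ""
    brand = brand_hit(label)
    official = brand is not None and (
        host == BRANDS[brand] or host.endswith("." + BRANDS[brand]))
    reasons = []
    if brand and not official:
        reasons.append(f"brand:{brand}")
    if any(word in label for word in LURE_WORDS):
        reasons.append("lure-keyword")
    if tld in WATCHED_TLDS:
        reasons.append(f"tld:.{tld}")
    # Require the brand signal plus one more: a cheap TLD alone is not evidence.
    suspicious = bool(brand and not official and len(reasons) >= 2)
    return {"domain": host, "suspicious": suspicious, "reasons": reasons}

if __name__ == "__main__":
    # Constructed sample feed, except the first entry, which is quoted in the article.
    for d in ["northfaceblackfriday[.]shop", "www.thenorthface.com",
              "n0rthface-deals.vip", "gardenstore.top"]:
        print(assess(d))
```

Flagged domains are candidates for analyst review and takedown requests, not verdicts; the TLD signal on its own is deliberately never enough to flag.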

 

B. IN VIETNAM

 

1. Vietnam and the United States Strengthen Cybersecurity Cooperation


In November 2024, in Hanoi, the Authority of Information Security (AIS) under Vietnam’s Ministry of Information and Communications (MIC) signed a Memorandum of Understanding (MOU) on cybersecurity cooperation with the Cybersecurity and Infrastructure Security Agency (CISA) under the U.S. Department of Homeland Security. This landmark agreement not only signifies a key step in bilateral collaboration on cybersecurity but also reflects the robust development of the Comprehensive Partnership between Vietnam and the United States, following the historic visit of U.S. President Joe Biden to Vietnam in September 2023.

 

At the signing ceremony, Mr. Tran Quang Hung, Director of the AIS, stated: "Amid increasingly sophisticated cyber threats, this MOU marks an important step forward in Vietnam's efforts to safeguard critical digital infrastructure and ensure a secure cyberspace".

 

Speaking at the event, Mr. Trent Frazier, Assistant Director for International Partnerships at CISA, emphasized: "Collaboration and partnership are key to successfully protecting critical infrastructure and further enhancing cybersecurity capabilities". He also affirmed that the MOU would strengthen the existing partnership between the U.S. and Vietnam, enabling the U.S. to more effectively foster innovation, safeguard digital infrastructure, and address the growing cybersecurity threats.

 

(Photo: Signing ceremony between AIS and CISA. Source: MIC Journal)

 

2. Training Program to Enhance Digital and Cybersecurity Skills for Vietnamese Teachers


Amid the increasingly complex landscape of cybersecurity threats, Kaspersky has launched a training program aimed at enhancing digital and cybersecurity skills for 150 teachers from 135 primary and secondary schools across Vietnam. This initiative is part of Kaspersky’s global project, the Kids Cyber Resilience Project, designed to equip Vietnamese educators with the skills to address online threats, privacy risks, and issues like cyberbullying.

 

Trishia Octaviano, Academic Director for the Asia-Pacific region at Kaspersky, stated: "Through this training, we hope to support teachers in protecting students from the negative impacts of social media, particularly privacy risks and cyberbullying".

 

3. Cybersecurity Incident Response Drills Led by the Office of the National Assembly


From November 14 to November 19, the Office of the National Assembly, in collaboration with the 86th Command of the Ministry of National Defense, the Government Cipher Committee, the Ministry of Information and Communications, and Viettel, organized the 2024 cybersecurity incident response drills. The exercise focused on securing the National Assembly Members’ Information Website, a critical platform managed by the Office of Informatics, which provides historical information on National Assembly members from the first to the fifteenth terms.

 

Key requirements for the drills included:

 

+ Conducting the exercises directly on the systems that participants are responsible for protecting, without prior scripted scenarios.

+ Allowing sufficient time for participants to demonstrate their offensive and defensive skills in realistic conditions.


+ Maintaining an always-on readiness posture among technical personnel to handle incidents as they would during real cyberattacks.


+ Ensuring that the drills did not disrupt the normal operation of IT systems managed by the Office of the National Assembly, while maintaining absolute cybersecurity and network safety.

 

Through these practices, the IT team of the National Assembly Office improved their skills in detecting, handling, and responding promptly to cyberattacks. Additionally, the exercises provided an opportunity for participants to share experiences and update their knowledge of the latest advancements in cybersecurity technologies and practices.

 

4. Ministry of Home Affairs Proposes Support Allowance for Cybersecurity Personnel


According to Government Electronic News, the Ministry of Home Affairs is drafting a decree proposing financial support for personnel specializing in digital transformation, cybersecurity, and network security. This policy is expected to take effect in 2025, providing an allowance of 5,000,000 VND (approximately $210 USD) per month to eligible individuals.

 

The proposed recipients of this allowance include:

 

+ Personnel specializing in digital transformation and cybersecurity: Civil servants and public employees in specialized positions related to information technology (including IT industry, IT application, and digital transformation), network security, or electronic transactions, as specified in the job position guidelines for general and specialized professional roles issued by authorized bodies.

 

+ Cybersecurity and network security personnel: Officers and non-commissioned officers in technical and operational roles within the People’s Public Security and People’s Army; professional military officers, defense employees, and cipher personnel under the People’s Army; all of whom are state-funded and serving in active duty according to their designated positions.

 

(Photo: VGP News)

 


 

 
