Ransomware, Junk Bank Accounts: Cyber Threats Proliferate in Vietnam

For one week last month, Vietnamese brokerage VNDirect Cyber Systems shut down its securities trading systems and disconnected from the country's two stock exchanges after a ransomware attack encrypted critical data. VNDirect was offline recovering until eight days later when the Ho Chi Minh and Hanoi stock exchanges allowed it to restart trading on April 1.

VNDirect Cyber Systems is just the latest Vietnamese company whose operations have been severely disrupted by a cyberattack.

In 2023, nearly 14,000 organizations across Vietnam suffered a cyberattack, an increase of 10% from the prior year, according to the country's National Cyber Security Centre (NCSC). While estimated damages caused by malicious software declined for the second year in a row to 17.3 trillion VND, or about US $690 million, a variety of other cybersecurity metrics continue to worsen, according to regional experts.

Overall, the country's economic picture is in flux. And that has led to a rise in cybercrime, says Ngoc Bui, a cybersecurity expert at Menlo Security, a provider of secure enterprise browser technology.

"Economic conditions, particularly in regions with limited job opportunities and low wages for high-skilled roles, can drive individuals to turn to cybercrime," he says. "This trend, fueled by the allure of cybercrime's rewards and digital anonymity, emphasizes the need for creating legitimate tech sector jobs to stimulate economic growth and counter cybercrime."

Vietnam is one of the fastest-growing economies in Asia, making the most of its connections to both China and the United States. The country's digital economy is expected to top US $43 billion by 2025, in part because of its focus on technology including initiatives in e-government, smart cities, and artificial intelligence, according to consulting giant PricewaterhouseCoopers. As a result, in mid-March, a delegation of nearly 60 US companies — including giants such as Meta and Boeing — visited the country to seek out investment opportunities.

Cracked Software, Junk Bank Accounts

The success has brought rapid technology adoption and significant cybercrime.

Nearly 750,000 systems were attacked by credential-stealing malware in 2023, an increase of 40% compared to the previous year, according to regional cybersecurity firm Bkav Technology Group. Online financial fraud has taken off due to a problem specific to the country: Bank account owners selling access to unused accounts. These so-called "junk accounts" make it difficult to track cybercriminals by following the money, says Nguyen Van Cuong, director in charge of cybersecurity at Bkav.

"Many people simply think that selling accounts they don't use won't be a problem," he said in a statement. "But in reality, bad guys have taken advantage of these bank accounts to carry out illegal transactions, hiding their origin, causing difficulties for investigation agencies."

Pirated or cracked software is another major issue. Fifty-three percent of computers are thought to be using pirated software, according to Bkav.

While the government has issued decrees to increase cybersecurity awareness, citizens continue to participate in these risky digital behavior, such as junk bank accounts and the use of cracked software, says Sarah Jones, a cyber threat intelligence research analyst at Critical Start.

"Vietnam's rapid digital growth creates a larger target for cybercriminals, and a lack of cybersecurity awareness among users makes them more susceptible," she says. "The widespread use of cracked software further exposes individuals and organizations to malware and exploitable weaknesses."

Countering Cybercrime

Vietnam's ruling Communist Party has strived to keep pace with cybercrime, issuing a number of directives to strengthen laws around the prevention and investigation of cybercrimes in 2021, and in 2020 launched efforts to raise public awareness of cybersecurity. Another directive, passed in 2019, required public sector organizations to spend at least 10% of their IT budget on cybersecurity. The sustained efforts has boosted Vietnam's ranking in the Global Cybersecurity Index to 25th out of 194 countries in the 2020 report (the latest available), up from 100th in 2017.

The country is already working with the United Nations Office on Drugs and Crime (UNODC) to strengthen the technical skills of law enforcement to tackle money laundering and other crimes.

Yet, divisions within the country are also driving the creation of dark platforms to escape increasing surveillance and Internet censorship by the government. A military group consisting of thousands of service members, known as Force 47, monitors communications and manages censorship in accordance with the government mandates, but also has resulted in the creation of several anonymity-as-a-service groups.

Such efforts will likely result in stronger Dark markets and platforms such as VietCredCare and DarkGate, both created by home-grown APT groups like Ocean Lotus and Lotus Bane, says Ken Dunham, cyber threat director at Qualys's threat research group.

"The threatscape in Vietnam is complicated with APT groups targeting companies for the benefit of the country, [as well as] Internet censorship, monitoring, and blocking of content by the Force 47 group," he says.

The next two years will be uncertain for Vietnam in many ways.

The leadership of the Community Party is expected to change by 2026, and economists wonder if the country can continue to deliver strong economic gains. Both uncertainties could breed more cybercrime in the future there.