Similarly, statistics from Vietnam National Cyber Security Technology Corp. (NCS) reported that nearly 170 websites with the suffix ‘.edu.vn’ were under attack to contain harmful links related to gambling.
At present, search engines usually give high priority to formal websites of state agencies. This is why people with ill intention love to take advantage of the website’s feature that allows visitors to post information (questions, comments, file attachment) in order to spread negative advertising. They even use security vulnerabilities of those websites to attack and alter the interface before following the lead to other websites on the same server.
Such an infected website with the ‘.gov.vn’ suffix when being accessed via the search tool of Google can redirect visitors to another website that introduces people to the world of gambling. The same goes for those with the suffix ‘.edu.vn’.
Since the end of 2022, the Information and Communications Ministry has requested the unit in charge of information security of all ministries, state agencies, and local authorities to review improper content on websites ending in ‘.gov.vn’. However, the situation is not much improved.
Vu Ngoc Son from NCS attributed the issue to expired software whose vulnerabilities are not fixed. Adding to that is the outdated operation system that does not have the patches updated in time. Sometimes, the vulnerabilities on one site are fixed, but those on related ones are not; and thus, hackers are still able to attack the whole system.
The situation might become even worse when harmful or distorted content about the sovereignty of the island border, the Party's guidelines and the Government's policies is widely spread via the infected websites.
During the time to apply the digital transformation process in Vietnam, if insufficient attention is paid to information security among state agencies, negative impacts will happen, severely obstructing the completion of the process.
In order to completely address the problem, state agencies must first increase the security level of their formal websites and information technology systems. Those organizations have to regularly evaluate the status of information safety of their websites, especially the feature to allow visitors to post information.