Security warning after the VNDIRECT attack

According to VTC News: “On the morning of March 24, VNDirect’s system was attacked by an outside organization. Although the support of leading technology corporations has been mobilized, according to VNDirect, because the data is too large, it takes longer than expected. At the same time, the websites of companies related to this company, including Postal Insurance Corporation (PTI), I.P.A Securities Investment Management Company (IPAAM), I.P.A Investment Group (IPA), and Homefood Food Joint Stock Company, were also attacked and cannot be accessed until now.”

 

Two days after VNDirect was attacked, the State Securities Commission required securities companies to ensure that information technology systems and backup databases operate safely and continuously according to the provisions of Clause 10, Article 89 of the Securities Law 2019. The State Securities Commission also required companies to seriously and urgently carry out reviews and inspections and to report the results, along with remedial plans, if any, to the State Securities Commission and relevant units in advance.

According to many sources, the attackers got into VNDirect by logging in to its virtual machine management system, which was not protected by multi-factor authentication. From there, they encrypted all images of the AD, SIEM, log, backup systems,… all of which ran as virtual machines.

Integrating multi-factor authentication solutions to an organization’s information systems is an important step in preventing similar attacks.

Why is Multi-Factor Authentication (MFA) important?

Multi-factor authentication (MFA) adds an extra layer of security to your system so hackers cannot access it.

Introduction

Multi-factor authentication (MFA), also referred to as two-factor authentication (2FA), stands as an important method to verify a user’s identity. It mandates the provision of more than one form of authentication, thus enhancing security. The primary objective of MFA is to fortify security by introducing additional layers of authentication, all while ensuring a balance between elevated protection and seamless user experience. MFA, or 2FA, has become the industry standard for safeguarding accounts, and for good reason. The importance of MFA can be understood more closely by the frequency of data breaches that expose vast quantities of usernames, passwords, and personal information.

A research report by Verizon indicates that compromised credentials are involved in 82% of security breaches, highlighting the urgent need for businesses to adopt these fundamental security measures. If you’ve ever reused a password, multiple accounts could be vulnerable to unauthorized access following a single data breach. The importance of MFA is evident as it steps in to secure accounts, even when a password has been compromised.

How Does MFA Work?

MFA requires users to provide additional verification factor(s).

  • Common factor (OTPs): One of the most familiar MFA factors is the use of one-time passwords (OTPs).
  • OTP description: OTPs are typically 4-8 digit codes distributed via email, SMS, or mobile apps.
  • Dynamic code generation: These codes are generated periodically or with each authentication request.
  • Seed value: The code generation process is based on a seed value assigned to the user during registration.
  • Additional factor: The code generation also depends on another factor, which could be a counter increment or a time-based value.

Why MFA?

Cybercriminals have access to a staggering pool of billions of user credentials; if they pick yours, the company’s confidential information is at risk of exposure. The importance of Multi-Factor Authentication (MFA) therefore cannot be overlooked, as it acts as a formidable deterrent against cybercriminals. By fortifying your data’s defenses, MFA diminishes its attractiveness to potential thieves, making it more probable that they’ll opt for an easier target.

As its name suggests, MFA integrates a combination of two or more distinct authentication factors. Typically, this involves something you know, such as your username and password, and adds an extra layer of security. Let us now take a look at the three main types of MFA authentication methods:

1. Something you know (knowledge), like a password/PIN

  • Answers to security questions
  • Password/PIN

2. Something you have (in your possession), like a token or smartphone

  • OTPs (through SMS or phone)
  • OTPs (through smartphone apps)
  • Badges with access codes, USB devices, Smart Cards, or security keys
  • Software tokens and certificates

3. Something you are (inherence)

  • Fingerprints, facial recognition, voice, or retina scan
  • Analyses of behavioral patterns

Benefits of Multi-Factor Authentication

Numerous organizations have adopted Multi-factor Authentication (MFA) in response to the current security climate and regulatory requirements. The prevalence of MFA is set to increase further, aligning with its user-friendly nature and the protection it affords, ultimately benefiting both employees and IT teams.

What drives the widespread adoption of MFA? Let’s explore some of the essential advantages it offers.

1. Protecting Against Identity Theft Through Stolen Passwords

The landscape of password theft is constantly evolving, with attackers employing three primary methods:

  • Keylogging: This method involves surreptitiously recording keystrokes on a keyboard.
  • Phishing: Attackers use fraudulent emails, SMS messages, or phone calls to coax victims into revealing sensitive information.
  • Pharming: Malicious code is installed on a device, redirecting users to fraudulent websites where they unwittingly share their sensitive data. Pharming is often described as “phishing without the lure,” where the malicious email lure is absent.

These threats extend beyond individuals to encompass even large enterprises, which are entrusted with safeguarding our data. Multi-factor authentication (MFA) plays a pivotal role in ensuring the security of your organization, even in the aftermath of credential theft incidents affecting your employees’ passwords.

2. Offers easy implementation and seamless user experience

In today’s digital landscape, individuals grapple with the challenge of managing sensitive credentials for numerous online accounts across various apps and websites. Unfortunately, the widespread practice of password reuse has become a major setback, amplifying the risk of account compromise when a single set of user credentials is exposed. The intuitive user experience of Multi-factor Authentication (MFA) ensures that it can be adopted by consumers with minimal to no additional effort, making it straightforward to integrate.

MFA addresses these concerns by bolstering security without imposing the complexities of frequent resets or intricate policies. Organizations can enhance user convenience by providing a variety of authentication factors to choose from or by mandating additional factors only when necessary.

With its streamlined implementation, ease of management, and compatibility with a wide range of applications, MFA not only fortifies security but also alleviates the strain on IT teams, enabling them to allocate their resources to more strategic initiatives.

3. Ensuring User Identity Security

In order to safeguard corporate and personal data privacy, a collaborative effort between consumers and businesses is essential. More and more organizations are bolstering security measures by implementing continuous, context-based security throughout the entire login process to effectively authenticate employees and customers.

Multi-factor authentication (MFA) and Single Sign-On (SSO) streamline user access without the burden of remembering multiple passwords, reducing the risk of account compromise. Individuals can protect their digital identities by staying informed about cybersecurity risks, adhering to best practices, and remaining alert against emerging threats. In an era where our daily lives heavily rely on the internet and digital accounts, awareness of identity management has never been more critical.

MFA enhances security without the need for frequent password resets or complex policies, benefiting both users and IT teams. Organizations can simplify the user experience by offering various authentication factors or requiring additional ones only when necessary.

With its user-friendly deployment, easy management, and compatibility across a range of applications, MFA liberates IT teams to focus on strategic priorities.

Conclusion

As the adoption of digitalization grows across organizations, cybersecurity assumes greater significance. In this context, MFA emerges as a crucial component, offering robust protection against malicious threats targeting a company’s vital data. Given the scale at which hackers target corporate credentials, there’s no more opportune moment for businesses to expedite their MFA Solutions deployment.
