Warning: Redline Stealer malware can affect information systems in Vietnam

Risk of being attacked by RedLine Stealer malware

RedLine Stealer is malware that first appeared around March 2020. This malware is capable of extracting login information from a variety of sources, including web browsers, FTP applications, emails, messaging applications, and VPNs.

A new variant of Redline Stealer malware has been discovered in cyberspace, this malware deploys LUA programming codes to perform malicious actions. Data shows that Redline Stealer malware is very popular as it infects North America, South America, Europe, Australia and Asia.

At present, although there has been no record of information systems in Vietnam being affected by the Redline Stealer information-stealing malware, to ensure the safety of domestic information systems, the Department of Information Security (Ministry of Information and Communications) has just issued a warning about this malicious code to agencies, organizations, and businesses nationwide.

The Information Security Department said that through the work of national cyber security monitoring, the National Cyber ​​Security Monitoring Center – NCSC under the Department recorded information related to the Redline Stealer malware used. to attack the information systems of many agencies and organizations globally.

Therefore, to protect the information system of your unit and contribute to ensuring the safety of Vietnam’s cyberspace, the Department of Information Security recommends that specialized IT and information security units of ministries and branches, local; state-owned corporations and corporations; Enterprises providing telecommunications services, Internet and digital platforms along with financial institutions and commercial banks check and review to determine whether the system is affected by Redline Stealer malware.

Agencies, organizations and businesses are also required to proactively monitor information related to the Redline Stealer information-stealing malware to upgrade to the latest version to avoid the risk of being attacked.

The Department of Information Security also recommends that agencies, organizations and businesses nationwide increase monitoring and prepare solutions when detecting signs of cyber exploitation or attack; At the same time, regularly monitor warning channels of authorities and large information security organizations to promptly detect cyber attack risks.

Detected nearly 89,000 weaknesses and information security holes in systems

Previously, on April 17, with the purpose of ensuring the safety of Vietnam’s cyberspace, maintaining stable operation of information systems during the holidays of April 30, May 1 and the 70th anniversary. Dien Bien Phu victory, the Ministry of Information and Communications has requested agencies, organizations and businesses to strengthen the implementation of ensuring network information security for information systems under their management.

One of the things the Ministry of Information and Communications recommends that units focus on is reviewing, testing, evaluating, and overcoming security holes; Proactively hunt down threats and remove malware for all servers and workstations in the network.

Along with that, it is necessary to consolidate and prioritize resources and human resources for 24/7 response and monitoring tasks; Regularly and continuously monitor the ‘Centralized information security monitoring’ and ‘Centralized malware prevention’ systems to ensure timely detection, handling and remediation of network attacks as well as warnings about malicious code.

Information about the situation of Vietnam’s network information security in March, the Information Security Department said that during the month, NCSC’s technical monitoring system recorded 88,990 information security weaknesses and vulnerabilities. at servers, workstations, and information systems of state agencies and organizations.

NCSC’s remote monitoring and scanning system has also discovered more than 1,600 vulnerabilities in 5,000 systems that are publicly open on the Internet. Experts at this center also recorded 12 newly announced vulnerabilities, with a serious and high level of impact that can be exploited to attack and exploit the systems of agencies and organizations.

“These vulnerabilities are vulnerabilities that exist in popular products of many agencies, organizations, and businesses. Therefore, units need to perform a comprehensive check and review of their systems to help determine whether the system uses products affected by vulnerabilities, and quickly take timely remedial measures. to protect information security. At the same time, continuously update information about new vulnerabilities and attack trends in cyberspace.”experts from the Information Security Department recommended.

Besides, in March, NCSC discovered 9 systems of units connected to botnet infrastructure (ghost computer network – PV). The Center has shared this botnet information with units through the botnet early warning detection system.

Agencies, organizations and businesses need to research information about the risks that have been warned and conduct system reviews and handle network information security issues in their information systems. scope of management of your unit.

The Department of Information Security issues a handbook on information system security protectionA handbook for ensuring information system security by level has just been issued by the Department of Information Security (Ministry of Information and Communications). This is a handbook to support units in protecting the safety of information systems against threats and risks.