 |
| Mr. Vu The Binh, Vice President and General Secretary of the Internet Association, speaking at the event |
Challenges in cybersecurity
Security Bootcamp is an annual event organized by the Vietnamese community of information security and cybersecurity professionals since 2012. The mission of Security Bootcamp is to build and connect the network of information security practitioners across the country to share the latest knowledge and skills, creating a forum for cybersecurity in Vietnam. Security Bootcamp 2025 took place in Hue over three days, from September 12 to 14, featuring two main parallel activities: professional workshops and the cybersecurity arena.
At the workshop, speakers in the field of cybersecurity shared and discussed new technology trends, network security challenges, and practical experiences in ensuring cybersecurity. In particular, they focused on sharing experiences in building AI Agents to automate organizational security testing processes; introducing optimized security models for businesses to enhance intrusion detection and operational efficiency; conducting cybersecurity investigations; and demonstrating investigative techniques. They also emphasized that in the new era, resilience, adaptability, and breakthrough capacity are core factors that enable organizations, businesses, and even nations to withstand all cybersecurity threats.
Mr. Nguyen Duong Anh, Deputy Director of the Department of Science and Technology, stated: “In the context of comprehensive digital transformation and the rapid growth of the digital economy, information security is not just a technical requirement but has become the foundation for stability and sustainable development for government agencies, businesses, and society as a whole. A cybersecurity incident can disrupt operations and affect the credibility and trust of the public. Therefore, enhancing prevention, response, and recovery capabilities after incidents is particularly important.”
The forum provided an opportunity to connect the information security expert community, sharing knowledge, experience, and practical solutions. It allowed experts, civil servants, agencies, and businesses to meet, exchange knowledge, enhance expertise, contribute to ensuring information security, promote digital economic development, and build a modern digital government.
Mr. Vu Duc Hoang, cybersecurity risk analyst at Viettel Cyber Security, analyzed recent attack campaigns by the Lotus Blossom group (a targeted attack group often focusing on governmental agencies and large enterprises) and highlighted key risks to organizational and business cybersecurity.
Specifically, risks include intrusions from stolen VPN (virtual private network) accounts, as many organizations in Vietnam expanded remote access after COVID-19 without properly controlling VPN accounts. Attackers can exploit IT management systems to spread malware, using internal security and management tools to bypass conventional defenses. Malware can remain long-term hidden in the system, disable security software, and conceal itself in legitimate system folders.
Building regeneration capabilities
To prevent and mitigate the impact of the APT Lotus Blossom, expert Vu Duc Hoang recommended: organizations should implement targeted measures focused on preventing initial intrusions, controlling attack expansion, detecting abnormal activity, and responding quickly. Prevent initial intrusions by tightly controlling remote VPN accounts, auditing and revoking unused VPN accounts, especially those with high access privileges; prevent phishing and malware via OTT platforms (digital content services); prevent attack expansion within systems by protecting Active Directory (a solution for managing and controlling access to network resources) from exploitation; detect and handle APT Lotus Blossom activity; and strengthen rapid response capabilities in case of attacks.
 |
| Cybersecurity engineers in action |
As part of Security Bootcamp 2025, the Cybersecurity Arena was also held. This is a practical competition helping experts improve skills in handling cyber attack and defense scenarios. The arena provides equipment, infrastructure, and challenges for teams to demonstrate skill, intelligence, and real-world capability. Each team is provided a physical server and private network system to deploy both defensive and offensive strategies.
Teams of up to 5 members must coordinate skills such as penetration testing, experimental attacks to find vulnerabilities, auditing, security, reverse engineering, and social engineering. Teams also utilize multiple platforms and solutions to exploit opponents’ weaknesses and protect their own systems.
Mr. Vu The Binh, Vice President and General Secretary of the Vietnam Internet Association, affirmed that the theme “Regeneration” at Security Bootcamp 2025 emphasizes system resilience against cyberattacks, which is becoming a critical strategy in cybersecurity. The goal is to ensure that systems continue to operate and deliver desired outcomes despite cyberattacks, applicable to both software and hardware systems.
In a rapidly changing world with increasingly sophisticated and unpredictable cyberattacks, building regeneration capabilities is no longer optional but mandatory. Organizations and businesses need to carefully invest in cybersecurity planning to ensure digital assets are protected and secure, enabling them to focus on core professional tasks efficiently.