Bac Giang Online

Vietnamese engineers win $25,000 prize in global cyberattack contest

Update: 14:22 | 23/02/2023

Vietnam's ECQ team exploited two zero-day vulnerabilities in the industrial control system (ICS) and the monitoring and control data system (SCADA) to win US$25,000 in global cyberattack competition Pwn2Own.

•Vietnamese scientists win China-ASEAN innovation contest

•Vietnamese lensman wins in Sony photo contest with 'Turtle Dream'

•Becoming famous from “Song Thuong singing contest”

In their first entry at Pwn2Own Miami 2023, ECQ's technical team of 12 members scored 25 points to rank second and win $25,000.

The first target on Feb. 14 was the Softing edgeConnector application Siemens in the OPC UA server category.

Vietnamese engineers, 25,000 USD prize, global cyberattack contest, ECQ team, industrial control system, Pwn2Own, software vulnerability

The ECQ engineering group during the online contest.

ECQ exploited the NULL pointer dereference vulnerability to attack denial of service (DoS).

DoS vulnerabilities are significant because ICS products promote system availability. These attacks are aimed at taking advantage of a software vulnerability, causing the application to crash or delay and make it unable to process requests.

On Feb. 15 their target was Triangle Microworks SCADA in the Data Gateway category. ECQ combined a chain of three vulnerabilities to complete a remote code execution attack. The team succeeded in executing an arbitrary code on the server where the application was installed.

Nguyen Hai Dang, director of ECQ Vietnam, said Pwn2Own is a significant and famous global security contest.

Pwn2Own is a global hacking competition held annually to find previously unknown security vulnerabilities.

Held in Miami this year, it focused on industrial networks in four categories: the OPC Unified Architecture server (OPC UA server), OPC UA client, data gateway (Data Gateway), and Edge system.

This is not ECQ's first foray into a security competition in the industrial network field.

In 2019 it and SkillSpar participated in the Cybersecurity Industry Call for Innovation organized by the Cyber Security Agency of Singapore and won a SGD500,000 prize with its automated attack simulation and remediation initiative for ICS/SCADA.

ECQ is a cybersecurity company that provides offensive security solutions and services focusing on proactive attack and defense.

It develops premium security consulting services for clients in a number of industries like finance, critical infrastructure and services and to government agencies.

Viettel Cyber Security triumphs at Cybersecurity Excellence Awards 2022 with 13 golds

The Viettel Cyber Security Company, a subsidiary of the military-run industry and telecom group Viettel, has won 13 gold prizes at the Cybersecurity Excellence Awards 2022, announced the company on February 21.

Vietnamese students place 2nd in regional cybersecurity competition

A four-member team from the Vietnam National University Ho Chi Minh City - University of Science won the second prize in the 2020 ASEAN-Japan Cyber SEA Game.

Vietnam, Singapore boost cooperation on cybersecurity

The Vietnamese Ministry of Public Security (MPS) and the Singaporean Ministry of Communications and Information (MCI) held a virtual ministerial meeting on September 29 to discuss bilateral cooperation on cybersecurity.

Source: VnExpress