Malware attacks prompt ministry call for remedial action
THE MINISTRY of Digital Economy and Society yesterday urged computer system administrators in Thailand to take remedial and preventive actions against malware that recently infected multiple systems in Thailand and 16 other countries.
The ministry’s move follows reports of a group of hackers with links to the North Korean government using servers in the Kingdom to carry out large-scale cyber-espionage and malware attacks, according to a news report.
According to McAfee Advanced Threat Research, it was discovered that a global data reconnaissance campaign called “Operation GhostSecret” had affected implants, tools and malware variants which it said are associated with a state-sponsored cyber group called Hidden Cobra.
Researchers say the campaigns were carried out to steal important information from critical infrastructure, telecommunications, finance, healthcare and entertainment organisations from all over the world.
“The campaign is extremely complicated, leveraging a number of implants to steal information from infected systems and is intricately designed to evade detection and deceive forensic investigators,” McAfee wrote in a post on Tuesday.
The cyberattack targeted multiple industries, including critical infrastructure, entertainment, finance, healthcare and telecommunications.
Citing monitoring by the Thailand Computer Emergency Response Team, Somsak Khaosuwan, deputy permanent secretary of the ministry, said the malware was first discovered around February this year.
Some computer servers in Thailand were used by hacker group Hidden Cobra to attack various targets in Thailand and other countries, he said.
According to ThaiCert, administrators are advised to disconnect infected computer systems immediately while updating the operating system and related software to close any loopholes.
In addition, system access has to be reviewed regularly to boost internal security and prevent unauthorised access.
Prinya Hom-anek, a cybersecurity expert, said Thailand has long been a “soft target” used by hackers around the world due to the country’s inadequate cybersecurity mechanisms in both the public and private sectors.
As a result, he said, the latest discovery is no surprise, adding that the country needed to invest more in cyber-protection, covering the adoption of more sophisticated software and the hiring of more cybersecurity professionals, especially in the public sector whose systems are even more vulnerable than those in the private sector.
According to Prinya, state-sponsored hackers have the advantage of access to an “unlimited” budget.
He said it was unclear if the country’s new cybersecurity legislation, which will be shortly considered by the National Legislative Assembly, would be effective in helping to safeguard the country from cyberattackers.
At the regional level, Asean leaders during their summit today in Singapore would adopt a statement on cybersecurity cooperation.
In the statement, they agreed to reaffirm the need to build closer cooperation and coordination among members on cybersecurity development and capacity building initiatives.
The group previously had many programs such as the Asean Cyber Capacity Programme to promote cooperation and develop capacity.
Asean also needs to implement practical confidence-building measures and adopt a set of common, voluntary and non-binding norms of responsible state behaviour in cyberspace so as to enhance trust and confidence in the use of cyberspace to its full potential, the statement said.
Republished with permission from The Nation