Kaspersky highlights Threat Intelligence to empower Thai businesses

Victor Chu, Head of Systems Engineering for South East Asia at Kaspersky underlined the importance of Threat Intelligence at the TB-CERT Cybersecurity Annual Conference 2023, where he shared a remarkable presentation on “Next-Generation Threat Intelligence: Harnessing Expertise for Effective Cyber Defense”.

On stage, he shared global and Southeast Asia (SEA) threat landscape data analyzed by Kaspersky to the audience, including TB-CERT members, banking and financial institutions, CERT readiness MOU, public sectors and others.

Globally, in 2022, Kaspersky’s detection systems discovered an average of 400,000 new malicious files daily. By comparison, about 380,000 of these files were detected every day in 2021, demonstrating a 5% jump. In total, Kaspersky’s systems detected approximately 122 million malicious files in 2022, 6 million more than the previous year.

When researching SEA threat landscape in 2022, the number of malware attacks prevented by Kaspersky was 207,506 in Thailand accounting for 14,050.

Kaspersky also logged 6,283,745 phishing attempts in Thailand, from a total of 43,445,502 phishing targeting users in SEA where users in Vietnam, Malaysia, and Thailand were targeted the most.

He also highlighted ransomware as one of the top threats against businesses in SEA. Because of its high return-of-investment nature, Thailand was recorded as the second highest number of 82,438 ransomware incidents blocked by Kaspersky.

Ransomware is also the most popular Malware-as-a-Service model (MaaS). It accounted for 58% of all families distributed under the MaaS model between 2015 and 2022.

According to Kaspersky Incident Response Report 2022, the top target industries for cyberattacks are government (19.39%) financial (18/37%), industrial (17.35%), and IT (9.18%).

He explained that attackers use various tools to compromise the targets. The most popular tools are LOLBins and PowerShell which attackers use at the lateral movement stage. Others include PsExec, Mimikatz and Cobalt Strike. Microsoft Exchange exploitation is the most common effective software vulnerability vector.

Therefore, Chu delved into the crucial concept of threat intelligence and explored how organizations can leverage it to enhance their cybersecurity measures and build a proactive cyber defence posture while informing organizational-wide decisions to reduce cyber risks.

Kaspersky Threat Intelligence delivers all the knowledge acquired by Kaspersky about cyber threats and their relationships, brought together into a single, powerful web service. The goal is to provide Security Operations Center (SOC) teams with as much data as possible in order to prevent cyber-attacks that can impact the organization. The platform retrieves the latest detailed threat intelligence about web addresses, domains, IP addresses, file hashes, statistical/behavioural data, WHOIS / DNS data, and so on. The result is global visibility of new and emerging threats, helping to secure organizations and boosting incident response.

For the completeness of threat intelligence, one must look into four essential areas in order to provide effective and better cyber-defence measures: Strategic, Tactical, Operational and Technical.

Threat Intelligence from Kaspersky incorporating the four essential areas and leveraging a world-leading team of researchers and analysts from Kaspersky, helps organizations to access the cyber-intelligence to stay ahead of adversaries and mitigate emerging cyber threats.

Threat intelligence is the core element enterprises use in vulnerability management (68%), security operations (66%), and incident response (62%). Cybersecurity analysts and SOC teams use it to make timely and informed decisions in case of an attack.

"To effectively combat contemporary global cyber threats, establishing a SOC alone is insufficient. What is crucial is equipping them with the necessary technologies, security intelligence, and expertise that empower them to respond to the ever-evolving challenges within a dynamic threat landscape. Drawing from over two decades of dedicated threat research, cutting-edge protection technologies, acknowledged expertise, and a track record of success in intricate cybersecurity endeavours, Kaspersky Threat Intelligence enhances the capabilities of your SOC across all fronts. This empowerment leads to heightened efficiency in countering progressively sophisticated threats,” says Chu.

The Thai Banking Sector CERT or TB-CERT hosted the “TB-CERT Cybersecurity Annual Conference 2023” in Bangkok on 22 September 2023, under the Sustainable Cybersecurity theme. The agency aimed to strengthen the cybersecurity community in the financial sector and others, leverage awareness of cybercrime, build professional skills of TB-CERT members, and educate TB-CERT members and others on cybersecurity aspects.

Payong Srivanich, CEO, of Krungthai Bank and chairman of The Thai Bankers' Association, addressed on banking cybersecurity landscape, agenda, and mission to the audience during his welcome speech.

“The matter of cybersecurity is a pressing issue and securing our banking ecosystem is imperative. This is the very reason why TB-CERT was established. The Thai Bankers Association (TBA) has been working with and receiving support from the Ministry of Digital Economy and Society (MDES), as well as the National Cyber Security Agency (NCSA) to prevent and respond to cyber-attacks. Technological advancements such as Generative AI, though they bring convenience and hold great potential, also pose a growing risk by enhancing the sophistication, severity and ease of execution of cyber threats. These threats have widespread financial consequences at the national level. 

Today's agenda is full of discussions from experts spending both management and technical perspectives together. We will delve into the trends, challenges, and solutions for ensuring sustainable cybersecurity for our digital economy, which is a mission we at the TBA focus on,” says Payong.

Professor Wisit Wisitsora-at, Permanent Secretary, Ministry of Digital Economy and Society, in his opening remarks, stated the government plan for digital development in Thailand and the linkage with cybersecurity.

“The government has made a very clear policy and emphasis on the digital approach, including digital economy, digital government, digital well-being, as well as digital society. There are too many scams nowadays, it makes people less trust the system, not only telecommunication but also bank institutions. With these challenges, the government comes up with more legislative movements and biometric measures for transactions to reduce scams and build safe and secure infrastructure and an ecosystem. Cybersecurity cannot be done by one alone, we look for private sectors and others to help with digital literacy and expertise,” comments Professor Wisit.

Dej Titivanich, Assistant Governor Information Technology Group, Bank of Thailand, highlighted the rise of cyberattacks against banking and financial sectors and the importance of sustainable cybersecurity at his special event keynote.

“Thailand's economic and financial system is going through a transformation. Technological advancement has created opportunities for new and innovative financial services, which can further narrow the gap in financial access for businesses and households. 

Transitioning into a digital ecosystem will also expose us to more cyber threats and is an opportunity for criminals to create more sophisticated and complex attacks. Advances in technology have made it even easier for hackers. They can use readily available information, some from leaks apply ever-evolving social engineering techniques and a vast array of tools including ChatGPT and its nemesis, WormGPT to make their scams even more believable. From the diversity of attacks and likely targets, sustainable cybersecurity is critical and a long-term approach. We need to have a strong security posture to protect, detect, respond and recover from incidents promptly. Certainly, the Bank of Thailand is willing to provide cybersecurity collaboration with all relevant organizations to build confidence and immunity for the financial system,” states Dej.