Kaspersky's recent report shows alarming results. The global cybersecurity company observed a huge increase in malicious incidents caused by servers hosted in Thailand. In the second quarter of 2024 (April - June), Kaspersky detected 196,078 incidents, which is 203.48% higher than the same period last year, when Kaspersky logged 64,609 incidents.
Quarter on quarter, the 196,078 incidents Kaspersky detected in Q2 of 2024 (April - June) are 24.15% higher than in the previous quarter (January - March), when Kaspersky logged 157,935 incidents.
Threat actors use compromised servers to host websites that deliver malware to unwary users. Users are drawn into these websites using fake advertisements, phishing links in emails and SMS, and other methods.
Their computers and devices are then probed for vulnerabilities and breaches. When users encounter such online threats, Kaspersky solutions detect and block them. The sources of these threats are also located and recorded.
In 2023, cyberthreat incidents in Thailand grew by 114.25% over the previous year. Educational agencies were the most frequently targeted sector (632 incidents). Other government entities came next (461 incidents), followed by commercial operators and private companies (148 incidents), and banking and finance (148 incidents).
The most common threats in 2023 were online gambling-related attacks, followed by hacking to change website pages (defacement), and creating fake websites to steal information.
The surge of compromised servers can be attributed to several factors, which include:
• Growing popularity of remote work: Working from home and using personal devices for business purposes have increased the number of unsecured devices and networks being used to access corporate data. These compromised devices may be a stepping stone for criminals to hop onto servers in their intranet.
• Weak cybersecurity measures: Some organizations may have weak cybersecurity measures in place, such as outdated software, lack of firewalls, or inadequate intrusion detection systems.
• Lack of cybersecurity awareness: Many businesses and individuals are less aware of the importance of cybersecurity and are not taking necessary steps to protect their systems.
• Rise of ransomware: Ransomware encrypts files and demands a ransom payment in exchange for decrypting them. Attackers also use extortion methods to pressure victims to pay. Ransomware has become common in recent years and can be very costly for businesses.
• Prevalence of phishing scams: Phishing scams are a common method of tricking victims into providing sensitive information, which attackers then use to gain access to the victim's network.
• Lack of comprehensive regulations: Comprehensive cybersecurity regulations and enforcement mechanisms are essential. They hold organisations accountable for their cybersecurity practices and create a secure environment.
“Incidents caused by compromised servers in Thailand tend to upsurge from quarter to quarter. This increase is alarming and could have serious consequences for businesses and individuals. Addressing all those concerns requires extensive approaches involving government initiatives, industry collaboration, and individual responsibility,” says Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
“The Thai government has distinctly taken proactive steps, providing more resources to law enforcement agencies to investigate and prosecute cybercrimes, as well as collaborating with agencies and businesses, including Kaspersky. We have worked extensively and closely with government agencies for several initiatives such as capacity-building programs, research and development projects, policy development and implementation, and public awareness campaigns. We aim for a safer cyberspace in Thailand,” adds Yeo.
Kaspersky advises businesses of all sizes to take the following steps to protect systems from compromise:
• Implementing strong cybersecurity measures - This includes using firewalls, intrusion detection systems, and cybersecurity software such as Kaspersky Next to protect your endpoints.
• Backing up data regularly - In the event of a compromise, having a backup of your data will allow you to recover your files without paying a ransom.
• Keeping software updated on all the devices you use to prevent attackers from exploiting vulnerabilities and infiltrating your network.
• For larger companies, consider developing a stronger infrastructure by setting up a security operation centre using an SIEM (security information and event management) tool like Kaspersky Unified Monitoring and Analysis Platform (KUMA), a unified console for monitoring and analysing information security incidents, and solutions such as Kaspersky Next XDR, a robust cybersecurity solution that defends against sophisticated cyber threats.
• Educating employees about cybersecurity through tools such as Kaspersky Automated Security Awareness Platform - Employees should be aware of the risks of cybersecurity threats and how to protect themselves from them.