Thai cyber-attacks surge as Trojans target biometric data
Thailand has been identified as a hotbed for Trojan malware that steals biometric data, such as facial recognition, as the country’s rate of cyber-attacks exceeds the global average over the last half of 2023, according to state reports from top cybersecurity companies.
Andrey Polovinkin, a malware analyst at the Singapore-based cybersecurity firm Group-IB, warned that biometric systems may fall prey to advanced cyber-attacks, even though they generally offer improved security. He explained that the rise and accessibility of artificial intelligence (AI) technologies enable cybercriminals to convincingly imitate real users.
This deception allows them to bypass biometric security protocols and access sensitive systems or data unlawfully, reported Bangkok Post.
Polovinkin expressed concern that organisations might face significant cybersecurity threats if they excessively depend on such technologies without implementing robust security measures. He clarified that while fingerprint and facial recognition technologies provide valuable security benefits, they are not completely foolproof.
He suggested a balanced evaluation of their integration into broader security frameworks, which involves incorporating additional protection layers and regularly updating authentication processes to counter the evolving risks posed by cybercriminals.
Group-IB reported on a previously undiscovered iOS Trojan, dubbed GoldPickaxe.iOS, which can gather identity documents, facial recognition data, and intercept SMS. This Trojan specifically targeted Thailand and Vietnam, impersonating local banks and government entities. It is linked to a Chinese-speaking threat actor known as GoldFactory, which has been associated with the creation of an array of advanced banking Trojans.
Facial recognition
Polovinkin revealed that the earliest traces of GoldPickaxe with facial video-capturing capabilities were found in early October 2023.
“Exact figures on the number of victims and financial losses caused by Android and iOS malware are unknown. However, by examining publicly reported cases including those by the Thai police, we can observe instances where cybercriminals have managed to successfully log in to victims’ bank accounts using the stolen biometric data.”
For banks and financial organisations, Group-IB suggests installing a user session monitoring system to detect malware and halt dubious sessions before users enter any personal information.
Polovinkin further cautioned that threat actors are predicted to continuously find innovative ways to exploit Apple devices, especially with the wider adoption of AI technologies. He recommended Apple users ensure they install the latest security updates provided by the developer.
Group-IB also found that ransomware attacks in the Asia-Pacific region had climbed by 39% year-on-year in 2023, with manufacturing and real estate firms being the most common targets. Australia, India, and Thailand were the nations targeted most frequently in the region last year.
Simultaneously, Check Point Software Technologies disclosed that Thai organisations had experienced 1,892 cyber-attacks per week during the last half of 2023, surpassing the global average of 1,040 per week. Chanvith Iddhivadhana, country manager for Thailand at Check Point Software Technologies, highlighted Cryptominer and Botnet malware as the two most common threats in Thailand, signalling the country’s vulnerability to phishing attacks, various scams, and resource hijacking.
Iddhivadhana emphasised the growing importance of cybersecurity due to the frequency of attacks and the sensitive nature of targeted industries.
“Organisations in Thailand face an uphill battle. Cyber-attacks are getting more sophisticated and the volume of attacks is increasing.”
Iddhivadhana recommended that organisations adopt a consolidated, collaborative, and comprehensive platform approach to cybersecurity.
