Thailand Recorder

Latest News From Thailand

    • General

    SEC warns against hackers rampage during Songkran

    Posted on

    SEC warns against hackers rampage during Songkran Festival

    The Securities and Exchange Commission (SEC) by the Information Technology Risk Supervision and Examination Department Stated in the article “Hackers love holidays” that When it comes to many long holidays It is often the moment that brings smiles to the working people. Because he can relax and put down the burden of work. Have more time for yourself and your family. or travel to different places

    But did you know that apart from “us” who look forward to the holidays happily, “scammers” like holidays as well? It can often be seen in the news that during the long holidays that many of us rest. Criminals will go out to work, such as property robbery, so the National Police Agency has a project. "Leave the house with the police" to monitor prevent incidents and build confidence among the public.

    The holidays are also the golden hour for hackers, according to the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). In the past, hackers usually attacked on weekends, Friday and Saturday. But nowadays, hackers will choose to attack victims during long holidays in each country, such as attacking victims in China. Chinese New Year attacking victims in Japan during the Obon festival, for example, in Thailand may also be affected during the Songkran Festival

    Nowadays, the most common cyber attack is ransomware that can steal sensitive data from the victim's computer system for ransom. Recently, ransomware has been demanded in cryptocurrencies to make it harder to track, causing the number and frequency of ransomware to increase exponentially each year. In the past, ransomware attacks only encrypted the victim's local files. If the victim does not pay the ransom, the files cannot be used. But nowadays, Ransomware The victim's local files are encrypted. Including stealing files by removing them from the victim's system. The file may contain important information such as customer information. confidential corporate documents, etc. If the victim does not pay the ransom, they are threatened with releasing sensitive stolen data onto the Internet. Make it information that anyone can access. Which is extremely frightening.

    According to experts' observations, most ransomware infiltrate systems in advance and stay in the system for a long time (average 72.5 days), waiting for long downtime before taking action. By encrypting files or performing data theft. from many incidents It usually starts from an attack via Phishing Email or Website (with vulnerabilities) by using SQL Injection techniques to get webshell/cmdshell. And then using Remote Desktop Protocol (RDP) to send and run the ransomware program on the victim's machine to steal data and encrypt the victim's local files.

    It can be seen that “cyber threats” happen every day. Except public holidays Whether it's an individual or an organization, there will always be a chance to be attacked at any time as well, so to reduce the chances of attacks from malicious people or "hackers" to damage various work systems before the holidays, Saturday-Sunday. or a long holiday during the festival And to make the holidays go smoothly. therefore should be prepared to prevent and reduce the risk of cyber threats The preliminary recommendations are as follows:

    (1) Back up all important data. by keeping a separate set of backup data and test recovery to ensure that the backup data can be used to restore the system or rectify the situation and continue the business when necessary.

    (2) Change the account password that accesses the key system and enable MFA (Multi-Factor Authentication) and review permissions. User information in the system, especially a user with high privileges in the system (High Privilege) such as Root or Administrator, etc., including Test User or Dummy User that was created for specific use. When not in use, should be disabled or delete Users who are not in use from the system.

    (3) Update Anti-Malware and scan the entire system to remove malware that may be embedded in the system.

    (4) Update the program Including the operating system up to date to reduce vulnerabilities in the system

    (5) Review the settings for remote computer remote access (Remote Access). Grant permissions only to those who are required to use it. in order to reduce the chances that those with bad intentions It may be used as a way to command Run Command that is embedded in the system.

    (6) Review the Firewall settings to block idle connections.

    (7) follow the news Cybersecurity from reliable sources Including reviewing and rehearsing the response plan according to the organization's Incident Response Handbook in the event of a cyber threat.

    (8) Check the website under supervision/linked to the company's internal system. In order not to be used as a channel to access the system within the organization Including surveillance of adverse events by monitoring network traffic or suspicious log files.

    The SEC hopes that these 8 preliminary recommendations will help reduce the chance that "hackers" will use the long holiday to cause damage and trouble to business operators and service users in the capital market sector

    Source: Thai News Agency