The fifth-largest bank in Thailand, the Bank of Ayudhya, also known as Krungsri has come under attack after the K0LzSec hacker group listed it as a victim.
The K0LzSec hacker’s group, relatively new in cyberspace, asserted their involvement in the Krungsri data breach by sharing evidence in the form of a check-host link.
Similar tactics have been observed in the past, with other hacker groups employing the same approach to disclose their targets on their data leak platforms.
While the Krungsri data breach is yet to be confirmed by the bank, the claimed security incident has placed customer data in jeopardy, further contributing to the ongoing trend of cybercriminals targeting the financial sector of the country.
To confirm and gather more information about the alleged Krungsri data breach, The Cyber Express has reached out to the impacted bank.
However, at the time of writing, we were yet to has receive an official statement or confirmation from them, raising additional doubts regarding the authenticity of the breach claims.
Additionally, both the bank’s main website and its subsidiary websites remained functional
The Krungsri Data Breach and Surge in Hacking Attempts in Thailand
The alleged Krungsri data breach is not an isolated cyber incident in Thailand.
In a similar incident, the NDT SEC hacking group announced the cyber attack on Delta Electronics via a Telegram post attached with the same check-host link used in the Krungsri data breach incident. These two cyber incidents are just the tip of the iceberg as the country is facing multitude of cyber attacks in the recent past.
According to Check Point Research, the average frequency of cyber-attacks targeting Thai organizations has nearly doubled the global average over the last six months, reported The Thaiger.
A similar pattern emerged within Southeast Asia, with Thai entities enduring 2,388 weekly attacks on average, slightly surpassing the regional average of 2,375, reported Bangkok Post.
Noting the escalating cyber threats, Krungsri had enacted a new measure on May 1, 2020, to safeguard its digital ecosystem.
According to this measure, Krungsri banned rooted or jailbroken devices, effectively restricting access to its Krungsri Mobile App (KMA).
This initiative, aligned with the Bank of Thailand’s Guiding Principles for Mobile Banking Security, aimed to curtail the high-security risks posed by compromised devices.
The ban is rooted in the recognition that tampered devices are more susceptible to malicious applications and malware, which can undermine the integrity of computer and network systems.
The malware landscape in Thailand
Thailand’s cyber terrain is perilous, with multiple malware strains posing grave threats. Earlier NDT SEC had also listed nine Thailand-based banks as victims in a dark web post.
The campaign was reportedly called the OpThailand campaign and consisted of attacks on these banks in Thailand:
- Krungthai Bank cyber attack
- Kasikorn Bank cyber attack
- Siam Commercial Bank cyber attack
- Government Savings Bank cyber attack
- Bank of Ayudhya cyber attack
- Thai Military Bank cyber attack
- Land & Houses Bank cyber attack
- United Overseas Bank cyber attack
- Cimb Bank cyber attack
Adding to these attacks, the foremost culprits include the Banking Trojan (Zeus), Cryptominer (XMRig), and Info-stealer (Qbot).
A Check Point Research unveils that 72% of malicious files were distributed via email in the past 30 days, underlining the role of social engineering in these attacks, reported Bangkok Post.
Of particular concern is the prevalence of remote code execution, afflicting 61% of organizations, signifying the urgency to fortify system defenses. The global scenario paints an equally unsettling picture as Thailand grapples with its cyber battles.
The second quarter of 2023 witnessed an 8% surge in the average weekly cyber-attacks compared to the previous year, marking the highest tally in the past two years.
Organizations worldwide are grappling with an average of 1,258 attacks per week, reflecting the relentless escalation of cyber threats.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
