Safeguard calls against threats

Thailand should stay alert for the risk of NotPetya ransomware, according to cybersecurity expert Prinya Hom-anek, president and chief executive at the ACIS Professional Centre.

NotPetya ransomware was discovered in Ukraine and has quickly spread to Europe. It has encrypted and locked thousands of computers across the world. That Thailand has not been attacked yet does not mean it is safe.

"Organisations in Thailand might be attacked because South Korea and India have already been hit," he said.

Most call it Petya, but it is not. Dubbed NotPetya, it is a variant, or malware upgrade, of the Petya ransomware, which was delivered last year via scam emails.

NotPetya seeks to gain administrator access on a machine and then leverage that power to command other computers on the network.

It takes advantage of organisations employing flat networks, in which an administrator on one endpoint can control other machines, and roots out domain admin credentials present in memory until total control over the network is achieved.

"This ransomware targets high-profile users, especially the system administrator. An admin password is identical to the master key. Once it's copied, the hacker can control everything on the target computer," he said.

NotPetya is potentially more harmful than WannaCry because it does not require vulnerable, unpatched systems to spread on the network, and users will never be able to recover their files. Mr Prinya said authorities should educate internet users and administrators about cybersecurity as a potential safeguard against such attacks.

According to James Carder, chief information security officer and vice-president of LogRhythm Labs, the recent attacks associated with WannaCry and NotPetya have reinforced the lack of accountability and poor focus on basic IT and security fundamentals in the industry.

Core IT operational competencies, such as patch management, backups, disaster recovery and incident response, are not well implemented or maintained, he said. These are essential for protecting a company from damaging cyberthreats, and without them companies are left in a perpetually vulnerable state. The only actions they can take are responsive, and usually only after some other unlucky company has been compromised.

Attacks such as those launched by NotPetya and previously by WannaCry will continue to be the normal state of things.

"A determined hacker only has to be right once. The odds are heavily in their favour with compromise likely, if not inevitable," he said. "As such, we need to stop focusing solely on defence and protection -- and put more effort into monitoring, detection and response to help deal with the mess that IT is in today.

"As we saw with WannaCry, it is not always about stopping the initial compromise, but how quickly you can respond and contain a threat before it becomes a full-blown incident or global outbreak."
