Trojan attacks zero in on Thailand

Nation faces high rate of incursions

The rapid development and availability of AI technologies allow attackers to convincingly masquerade as real users, according to Group-IB.

Thailand has become a target for Trojan malware stealing facial recognition biometric data, while a survey found the country faced a higher rate of cyber-attacks than the global average during the last six months of 2023, according to leading cybersecurity firms.

"Under specific circumstances, biometric systems can be susceptible to sophisticated cyber-attacks, despite enhanced security in many scenarios," Andrey Polovinkin, malware analyst for the threat intelligence team at Group-IB, a Singapore-based cybersecurity company, told the Bangkok Post.

The rapid development and availability of artificial intelligence (AI) technologies allow attackers to convincingly masquerade as real users, bypassing biometric security measures and gaining unauthorised access to sensitive systems or data, he said.

As a result, organisations could be exposed to substantial cybersecurity risks if they become over-reliant on such technologies without additional robust security measures, said Mr Polovinkin.

Fingerprint and facial recognition technologies offer valuable security benefits, but they are not infallible solutions, he said.

Rather than rejecting these methods completely, a balanced assessment of their integration into broader security frameworks is required.

This means incorporating additional layers of protection and consistently refining authentication processes to mitigate the evolving risks posed by threat actors, said Mr Polovinkin.

The firm reported on GoldPickaxe.iOS -- a previously unknown iOS Trojan capable of collecting identity documents and facial recognition data and of intercepting SMS.

This Trojan specifically targeted Thailand and Vietnam, impersonating local banks and government organisations.

The Trojan was attributed to a Chinese-speaking threat actor codenamed GoldFactory, responsible for developing a suite of highly sophisticated banking Trojans including the previously discovered GoldDigger and newly identified GoldDiggerPlus, GoldKefu and GoldPickaxe.Android.

News on Thailand's policy on facial biometric verification was released in March 2023, to be enforced by July.

"We discovered the earliest traces of GoldPickaxe with facial video-capturing capabilities in early October 2023," Mr Polovinkin said.

"Exact figures on the number of victims and financial losses caused by Android and iOS malware are unknown. However, by examining publicly reported cases including those by the Thai police, we can observe instances where cybercriminals have managed to successfully log in to victims' bank accounts using the stolen biometric data."

The discovery of a sophisticated iOS Trojan highlights the evolving nature of cyberthreats targeting the Asia-Pacific region, he said.

For banks and financial organisations, Group-IB recommends implementing a user session monitoring system such as fraud protection to detect the presence of malware and block anomalous sessions before the user enters any personal information.

Mr Polovinkin said threat actors are likely to continue looking for new ways to exploit Apple devices, especially as AI technologies become more widely adopted.

He suggests users of Apple devices ensure they install the latest security updates issued by the developer.

Ransomware attacks in Asia-Pacific rose 39% year-on-year in 2023, with manufacturing and real estate companies the most common victims, said Group-IB.

Australia, India and Thailand were the most frequently targeted nations in the region last year.

In a related development, Check Point Software Technologies revealed Thai organisations were subject to 1,892 cyber-attacks per week for the latter half of 2023, higher than the global average of 1,040 per week.

Chanvith Iddhivadhana, country manager for Thailand at Check Point Software Technologies, said Cryptominer and Botnet malware are the two most prevalent threats in Thailand, indicating the country is susceptible to phishing attacks, a variety of scams and resource hijacking.

The government, military, manufacturing, and finance and banking sectors were subject to 5,789 attacks during the last six months of 2023.

Cybersecurity has become increasingly important based on the frequency of attacks and the sensitive nature of targeted industries, with attacks intended to retrieve sensitive information, disrupt critical infrastructure or siphon off large sums of money, he said.

"Organisations in Thailand face an uphill battle. Cyber-attacks are getting more sophisticated and the volume of attacks is increasing," said Mr Chanvith.

Organisations require a consolidated, collaborative and comprehensive platform approach to cybersecurity, he said.
