TB-CERT on guard against ransomware

The Thailand Banking Sector Computer Emergency Response Team (TB-CERT), a group of financial institutions under the Thai Bankers' Association (TBA), is alerting consumers to cyberthreats arising from online banking transactions on social media platforms.

The alarm was sounded after a Taiwanese bank became the latest victim of ransomware, a type of malware that prevents users from accessing their systems (either by locking the system's screen or by locking the user's files) until a ransom is paid.

The software was installed on the bank's servers and sent unauthorised, doctored messages through the interbank Swift network.

Money-moving messages from Far Eastern International Bank were routed to accounts in Cambodia, Sri Lanka and the US, according to Taiwan's state-run news agency.

"This ransomware is spreading across the world," said TB-CERT committee chairman Kitti Kosavisutte, adding that the team has been closely monitoring the ransomware.

Mr Kitti said TB-CERT is a collaboration of 15 member banks that share information on cyber-risks and alert corporate and retail customers to them.

At present the group is focusing its efforts on Wi-Fi Protected Access (WPA2) and Business Email Compromise (BEC) defence.

"Social media posts can be channels to spread malicious tools to desktops and smart devices," Mr Kitti said. "Therefore, consumers are advised to verify the information they receive on social networks before clicking, sharing or linking it. The security measures are similar to those of email."

The existing cybersecurity system of local banks is seen as strong enough, he said, but consumers still have to do their part and use online channels correctly in order to protect themselves from ransomware, phishing and other malware.

TB-CERT aims to lower the likelihood of financial fraud and cyber-risks, in particular for sensitive cases that have a large impact on public opinion.

The team would rather pay attention to cybersecurity than to statistical data on financial fraud, which could be sensitive for banks and consumers, Mr Kitti said.

The TBA announced the establishment of TB-CERT on Oct 2 with the aim of strengthening cooperation within the financial sector, which is increasingly dominated by digital technology.

TB-CERT succeeded the Information Sharing Group, which operated for about a year under the TBA.

ThaiCERT, the Thailand Computer Emergency Response Team, recently issued a warning over Bad Rabbit, a new ransomware reportedly found in late October in Ukraine and Russia.

Bad Rabbit, a suspected variant of Petya, spreads through fake Adobe Flash updates and incorporates the open-source tool Mimikatz to extract common hard-coded credentials such as admin, guest, user, root and so on.

There is also evidence that Bad Rabbit is using a legitimate tool, DiskCryptor, to encrypt the victim's data.

Based on the analysis of cybersecurity firm Trend Micro, Bad Rabbit spreads to other computers by dropping copies of itself over the network. The ransom to recover functionality of the system is close to 10,000 baht on average.

According to Trend Micro, Bad Rabbit has not claimed any victims in Thailand.

The ransomware has used sites in Bulgaria, Estonia, Germany, Hungary, Japan, Slovakia, Ukraine and Russia to deliver the fake Flash installer. These sites were visited by users in Japan, Turkey and Russia, among others.
