Ransomware Strikes Thailand Manufacturing Industry
Data leaks are a significant concern for every organization. Between September 2021 and September 2022, theft or leak of data has been a big issue for Thailand as well, through various means such as the dark web, ransomware threats, and phishing, mostly against government and manufacturing industries.
With the help of SOCRadar’s Thailand Threat Landscape Report, businesses can define their cybersecurity needs, design their enterprise-wide security strategies, and choose where to invest.
Click the button below to download the full report.
121 Unique Threat Actors in Dark Web Targeted Thailand
Thailand was the target of 121 different threat actors, according to SOCRadar’s research. The report contains information on the threat actors who are most active in attacking Thai organizations.
Data from DarkMirror shows that the “public sector, education, and media & entertainment” sectors were Thailand’s top three most targeted sectors.
Also, 14,534 dark web posts have been discovered by SOCRadar DarkMirror. 190 of these postings were about organizations in Thailand. SOCRadar’s Dark Web Team has prepared the numbers below after extensive data analysis.
Customer data leak posts made up more than half of the dark web posts, and most were related to Thailand’s public sector. You can find the major dark web incidents in our report.
Big Ransomware Groups Targeting Thai Organizations
52 different ransomware groups carried out 2,900 operations worldwide between September 2021 and September 2022. 53 of these attacks targeted organizations in Thailand, and the LockBit gang conducted about half. The majority of the targets were companies in the manufacturing industry.
Including LockBit, SOCRadar tracked 20 different ransomware groups that targeted Thai companies. The most active ransomware families that targeted Thailand:
- LockBit 3.0
- Conti
- BlackCat (ALPHV)
19 of the 53 ransomware victims refused to pay the ransom demand. Thus, nearly 36% of ransomware operations exposed organizations’ data.
Most Exploited Vulnerabilities
Even though they had been patched for a while, 2880 hosts were still susceptible to the HeartBleed vulnerability (CVE-2014-0160) and 1050 hosts to the BlueKeep vulnerability (CVE-2019-0708).
Other critical vulnerabilities with high numbers of vulnerable hosts in Thailand:
- CVE-2022-22719
- CVE-2022-22720
- CVE-2022-22721
- CVE-2022-30522
- CVE-2022-28615
- CVE-2022-29404
- CVE-2022-30556
Also, SOCRadar detected more than 3 million open ports in Thailand as of September 24, 2022. Remote Desktop Protocol (RDP, port 3389) ports were among the approximately 17,000 open ports. You can find these ports as a list in the report.
Get the full report to learn more about Thailand’s phishing landscape, DDoS attacks, state-sponsored APT activity, and other topics.