By Teeranai Charuvastra
BANGKOK — Anxious about the possibility of looming cyberattacks, Thailand's banking association today called on its members to improve security measures and end the culture of data secrecy.
The call from the Thai Bankers’ Association came after it saw government websites taken down by a crude but effective assault late last year by technically unsophisticated activists protesting the junta’s plan to gain control over internet traffic. That was followed by more advanced and successful attacks by members of a borderless hacking collective known as Anonymous.
At Wednesday’s news conference, Yos Kimsawate, an association security expert, cited the October denial of service attack as the worst to hit the kingdom in recent years.
“The most serious case has to be the DDoS launched by the activists to protest the Single Gateway,” said Yos, who heads the association’s security unit.
Although a distributed denial-of-service (DDoS) attack is among the most basic hacking tools available, it revealed vulnerability in the state’s online infrastructure and encouraged foreign hackers to target the Thai banking system, Yos said.
“Foreign hackers saw the gap and tried to do the same against the banking system,” he said. “But luckily we cooperate with each other and share information, so we thwarted the attacks.”
Thailand has become a hub for transnational cyber crimes, most notably the 2014 hacking of U.S.-based Sony Pictures, which is thought to have been carried out from a luxury hotel in Bangkok.
Yos insisted Thai banks have not fallen victim to any major hacking so far, but he said his association is still concerned that an attack could happen one day.
“The issue is getting closer to us,” Yos said. “We don't want to wait until it catches us by surprise. We have to be proactive.”
He urged members of the association to step up their security systems by educating staff, improving online infrastructure to meet international standards and moving information to trusted cloud systems, among other measures.
But the most serious obstacle to that progress, he said, is the deep suspicion and reluctance among bank CEOs to share security information with each other. The secrecy makes the entire industry vulnerable because “without cooperation, if one bank is attacked, others will be attacked, too, and they wouldn’t have knowledge about it.”
“Trust is vital for cooperation,” he said. “But how do we build trust among CEOs? It’s not easy selling this kind of idea to CEOs.”
Thailand is currently ranked above the world’s average in the number of infected computers, according to a Microsoft security specialist present at Wednesday’s news conference.
Chris Peiris said Microsoft scanned and collected data about the infection rate of millions of computers around the world, and statistics showed it’s four times more likely to find infected computers in Thailand than in the rest of the world.
For every 1,000 computers scanned, an average of three computers were found with something malicious, he said.
“When it comes to Thailand, the number is four times more,” he said. “It could be as high as 30 computers per 1,000 in some quarters … which can lead to further attacks.”
However, Michael Mudd, a sec-gen from a cyber security firm called the Open Computing Alliance, said the data does not mean Thailand’s banking system is particularly vulnerable to hackers.
Asked to rate how well-protected the online banking system is on a scale of one to 10, Mudd chose “eight.”
“It’s pretty good compared to many other countries,” he said. “If we take Hong Kong and Singapore as the most advanced, Thailand is pretty close behind.”
Yos said he agreed with Mudd’s score but believes the domestic banking industry could improve much more. “Actually, you don’t have to write down the number,” he told reporters. “I fear it would look like a challenge for criminals to break into our system.”