Thailand targeted by phishing and DDoS
Cyberattacks on organisations in Thailand are 164% higher than the global average, with government and critical infrastructure sectors being the primary targets.
- Organisations in Thailand are experiencing over 3,200 cyberattacks per week, a rate 164% higher than the global average, with a surge in phishing and DDoS attacks.
- Government agencies, military, and critical infrastructure are the primary targets, with the utilities sector being the most frequently attacked.
- Phishing is a leading attack method, contributing to a massive 6,250% increase in leaked usernames and passwords compared to the previous year.
- The "FakeUpdates" malware, often delivered through phishing, is the most prevalent in the nation, affecting 13.9% of organisations by tricking users into installing malicious browser updates.
Check Point Software Technologies reported that organisations in Thailand faced 3,201 cyberattacks per week in the first half of 2025, 164% higher than the global average of 1,946 attacks per week.
In recent months, cybercriminals have increasingly targeted government agencies and critical infrastructure, with significant incidents such as the data breach at Bangchak Corporation, a major Thai oil and gas company.
According to the report, Thailand’s utilities sector has become the top target, facing an average of 3,567 attacks per week, while the government and military sectors have been targeted with an average of 2,662 attacks per week, ranking among the three most attacked sectors this year.
Chanvith Iddhivadhana, Country Manager for Thailand at Check Point Software Technologies, stated that Thailand urgently needs to prioritise an AI-driven integrated security architecture to defend against increasingly complex national-level threats. These include phishing scams and DDoS (Distributed Denial of Service) attacks, which have surged due to regional tensions and the growing prevalence of cybercrime.
Phishing and DDoS Attacks on the Rise
The report highlighted that phishing and DDoS attacks have escalated amid political tensions. Phishing remains one of the leading attack methods in Thailand, with cybercriminals exploiting social engineering techniques and identity spoofing to target both consumers and businesses.
The National Cybersecurity Agency (NCSA) has reported a massive 6,250% increase in leaked usernames and passwords, rising from 80,000 incidents last year to 5 million this year.
Check Point Threat Intelligence revealed that FakeUpdates (also known as SocGholish) is the most prevalent malware in Thailand, affecting 13.9% of organisations, significantly higher than the global average of 5.4%. FakeUpdates, first discovered in 2018, is a download malware that spreads through compromised or malicious websites. Victims are tricked into installing fake browser updates, enabling attackers to deploy secondary payloads.
Increased Threats and Skill Gaps
These escalating threats, coupled with Thailand’s insufficient cybersecurity skills, have created significant gaps in many organisations’ security systems. As attacks become more sophisticated, these vulnerabilities provide opportunities for cybercriminals to exploit weaknesses, highlighting the urgent need for centralised security architectures that can effectively identify and mitigate advanced threats.
Overhauling Cyber Strategies
Chanvith discussed the key to building Cyber Resilience in Thailand, noting that many organisations in the country still rely on disjointed security solutions. Check Point suggests that this approach is no longer sufficient to combat the modern threats that organisations face.
To address this, security leaders need to focus on a centralised security strategy that integrates Extended Detection and Response (XDR), linking threat signals across endpoints, cloud environments, email, and networks. This integration ensures that threat detection and response are faster and more coordinated.
Additionally, External Risk Management (ERM) should be employed to proactively manage risks from third parties, supply chains, and external attacks. This should be coupled with strong AI-driven coordination layers that can automatically monitor, control, and resolve issues, extending protection across varied environments.
These capabilities are crucial, as modern attacks can bypass fragmented tools, exploiting gaps in visibility or delayed responses. A unified approach allows security teams to prioritise and neutralise threats across technologies before any damage occurs.
Breaking Barriers with AI
As Generative AI (GenAI) becomes more widely adopted, Chief Information Security Officers (CISOs) in Thailand are growing increasingly concerned about managing risks and controls. Many Thai organisations are worried about vendor lock-ins, especially as regulations evolve.
To tackle this, a more collaborative approach is needed, one that allows seamless interaction within the existing cybersecurity ecosystem, rather than being confined to specific tools. Security teams require platforms that integrate with their current tools, not hinder them. Closed systems limit interoperability and create operational blind spots.
Organisations across Thailand must reassess their approach to cyber risk management. There is no room left for fragmented solutions. Investing in comprehensive platforms that encourage collaboration and are open to integration with other vendors will provide greater value than standalone tools. With AI-driven automation, even Security Operations Centres (SOCs) with limited resources can respond quickly and accurately to emerging threats.
By Wariya Khamchana
