According to Check Point Threat Intelligence, Thai organisations suffered an average of 3,201 weekly cyberattacks in the first half of 2025, a staggering 164% higher than the global average of 1,946. Threat actors have aggressively targeted government entities and critical infrastructure sectors, as evident in recent high-profile incidents such as the data breach at Thai oil and gas giant Bangchak. Notably, the Utilities sector, with an average of 3,567 weekly attacks, has emerged as the most targeted vertical, while the Government/Military sector, averaging 2,662 weekly attacks, ranks among the top 3 most attacked sectors so far this year.
Keys to Cyber Resilience for Thailand
While many Thai organisations continue to operate fragmented security solutions, Check Point cautions that this siloed approach is no longer sufficient to combat modern threats. Instead, security leaders must prioritise a consolidated security strategy combining Extended Detection and Response (XDR), which unifies and correlates threat signals across endpoints, cloud, email, and networks to deliver faster, more coordinated threat detection and response; External Risk Management (ERM), which proactively manages third-party, supply chain, and external attack surface risks to close gaps beyond the organisation's control; and a robust AI-powered orchestration layer that automates investigation, containment, and remediation to scale up protection across disparate environments.
These capabilities are critical because modern attacks often bypass isolated tools, exploiting gaps in visibility or delayed responses. A consolidated approach ensures security teams can see, prioritise, and neutralise threats across the entire technology stack before damage occurs.
Mr. Chanvith Iddhivadhana, Country Manager, Thailand, Check Point Software Technologies, shares, "Recent events show that Thai organisations need to rethink how they manage cyber risk. There is no longer room for fragmented solutions. Investing in a unified platform that blends XDR, ERM, and an open and collaborative approach to third-party integration will deliver far more value than piecemeal tools. With AI-powered automation, even limited Security Operation Centre (SOC) resources can respond faster and more accurately to emerging threats."
Phishing and DDoS Attacks Soar Amid Political Tensions
Phishing remains the top attack vector in Thailand, with cybercriminals exploiting social engineering and impersonation to target consumers and businesses alike. The National Cyber Security Agency (NCSA) of Thailand has reported a dramatic 6,250% increase in leaked usernames and passwords, rising from 80,000 last year to 5 million this year.
Check Point Threat Intelligence has also identified FakeUpdates (also known as SocGholish) as the most prevalent malware in Thailand, impacting 13.9% of Thai organisations, well above the global average of 5.4%. First discovered in 2018, FakeUpdates is a downloader malware that spreads through drive-by downloads on compromised or malicious websites. Victims are tricked into installing a fake browser update, which enables attackers to deliver secondary payloads.
These escalating threats, compounded by Thailand's cyber skill shortage, leave critical gaps in many organisations' defences. As attackers become more sophisticated, these gaps provide opportunities for adversaries to exploit weaknesses, reinforcing the need for unified security architectures that can proactively identify and contain advanced threats.
AI and Open Garden Policy: Shaping the Next Phase of Thai Cyber Security
As generative AI (GenAI) becomes more widely deployed, Thai CISOs are increasingly concerned with how to manage its risks and maintain control. Many Thai organisations fear vendor lock-in, particularly as regulations evolve.
Check Point's open-garden policy is built on collaborative threat prevention, enabling seamless interoperability across customers' existing cyber security ecosystems. Rather than being locked into proprietary tools, security teams need platforms that work with, not against, their existing tools. Moreover, closed systems limit interoperability and create operational blind spots. Check Point Infinity Platform supports over 100 third-party integrations, allowing security teams to share threat intelligence, ingest external data, and coordinate responses in real time. This open architecture ensures better visibility, faster detection, and fewer security blind spots.
"Real security isn't about who built it, it's about how well it works together," added Mr. Chanvith. "With Check Point's open and collaborative approach, our Infinity Platform makes your entire security stack smarter, not just our part of it. That's how we bridge the skills gap and help Thai organisations move faster and protect themselves against increasingly sophisticated cyber threats."
For more information, please visit https://www.checkpoint.com.