China’s Largest Commercial Lender Targeted in Ransomware Attack

The Chinese state-owned bank is the third-largest bank in the world by market capitalization.

November 10, 2023

ICBC ransomware attack
  • China’s largest commercial lender, the Industrial and Commercial Bank of China, was victimized in a ransomware attack on Thursday.
  • No ransomware group has claimed responsibility, and the bank has yet to disclose the details of the cybersecurity incident.

The Industrial and Commercial Bank of China (ICBC), the country’s largest commercial lender, faced disruption to its operations and services following a ransomware attack. An emergency notice to members of the Securities Industry and Financial Markets Association does not name the perpetrator of the attack, whose impact was felt across the Pacific in the U.S. Treasury markets.

The attack, which Financial Times sources have attributed to the LockBit ransomware gang, led to roadblocks in trade clearance, including for equity. “ICBC is currently unable to connect to DTCC/NSCC. This issue is impacting all of ICBC’s clearing customers, including [censored],” the Securities Industry and Financial Markets Association notification reads.

“Because of this, [censored] is temporarily suspending all inbound FIX connections and not accepting orders at this time. We are in close touch with ICBC and will advise as soon as the issue is resolved. We are exploring all avenues to clear all 11/8 trades and will provide updates as they become available.”

ICBC itself has yet to confirm the attack publicly. The Chinese state-owned bank is the third-largest bank in the world by market capitalization ($216.59 billion). Its revenue for the trailing 12 months stands at $121.19 billion.

The bank being one of the financial bigwigs and China’s largest commercial lender is a reason for the unknown attackers to worry, according to Roger Grimes, data-driven defense evangelist at KnowBe4.

“Incidents like this, where ‘real’ money is involved, often don’t work out long-term for the ransomware gang involved. The authorities get involved and there’s big pressure for people to be arrested and the gang shut down,” Grimes told Spiceworks.

“I’m surprised the ransomware gang went ahead with the exploitation. Perhaps they didn’t realize what they had and what they would be interrupting. But the Chinese certainly have their own great hackers they can use as an offensive resource, and the US authorities are pretty good at identifying culprits and dishing out pain when the money involved is enough. This is one of those cases.”

Technical details of the hack, which led to infiltration and compromise, remain under wraps. However, security researcher Kevin Beaumont believes the threat actors could have found their way in through the Citrix Bleed vulnerability in an unpatched Citrix NetScaler box discovered on Monday.

Alastair Williams, VP of Worldwide Systems Engineering at Skybox Security, told Spiceworks, “Organizations in the financial sector are a prime target for threat actors, as they handle substantial amounts of money and sensitive personal information. As ransomware attacks continue to proliferate, financial organizations must prioritize robust security measures to protect their business continuity and customers.”

“To fortify their defenses, organizations should adopt a proactive security stance against prevalent threats. When evaluating the severity of vulnerabilities, it is crucial to consider factors such as network accessibility, exposure, exploitability, and potential commercial repercussions,” Williams added.

It is unclear whether LockBit is behind the ransomware attack. ICBC hasn’t been added to the prolific ransomware gang’s leak site. LockBit has perpetrated more than 1,700 attacks since it emerged in early 2020, according to the FBI. The group’s latest confirmed attack was against American aerospace major and U.S. government contractor Boeing.

Sumeet Wadhwani

Asst. Editor, Spiceworks Ziff Davis
