Fri | Nov 10, 2023 | 1:55 PM PST

The Industrial and Commercial Bank of China (ICBC), recognized as the world's largest commercial bank, has fallen victim to a ransomware attack. The incident, which unfolded on November 8, 2023, has sent ripples through the global financial community, emphasizing the escalating cyber threats faced by even the most robust institutions.

ICBC confirmed the attack in an official statement, revealing that its U.S. arm, ICBC Financial Services, experienced a ransomware attack resulting in the disruption of certain systems. The bank, in response to the incident, promptly disconnected and isolated affected systems to contain the breach.

Despite the disruption, ICBC successfully cleared U.S. Treasury trades executed on November 8 and Repo financing trades done on November 9. According to a report from Yahoo Finance, the company "had to dispatch a courier with a USB drive to deliver transaction details to its partners."

Lockbit, a notorious cybercriminal group, has been implicated as a potential orchestrator of the attack. Dean Webb, a cybersecurity solutions engineer at Merlin Cyber, provided insight into Lockbit's history, noting that the group has grown in sophistication and operational capacity over the years:

"The Russia-based Ransomware as a Service (RaaS) group LockBit has been around since 2019, but started making big headlines when their LockBit 2.0 was released in 2021. That tool could encrypt rapidly and was behind attacks on Accenture, Thales, La Poste Mobile, Pendragon PLC, California Finance Administration, the Port of Lisbon, and Toronto’s Hospital for Sick Children. That last one resulted in the group stopping the attack and providing a free decryption key. But the rest of the world suffers, apparently.

LockBit 3.0 came out in June of last year. What's interesting here is that LockBit grew as an organization, improving its recruiting and retention, running a beta program for LockBit 3.0, and even introducing a bug bounty program to ransomware development.

This is an operation that has brought in tens of millions of dollars in ransom payments, and their market opportunities are wide open. The 3.0 version of LockBit was involved in attacks on Royal Mail, a water utility in Southern France, China Daily, TSMC, Port of Nagoya, and now ICBC.

The Chinese attacks are interesting, as Russian hacking groups have in the past refrained from attacking allies of Russia's. It may be that the non-governmental entities in China are now seen as fair game, or the group feels bold enough to no longer toe the line on Russian foreign policy."

The significance of this attack on ICBC, a cornerstone of China's financial prowess and the largest commercial bank globally by revenue, cannot be overstated. Craig Jones, Vice President of Security Operations at Ontinue, emphasized the far-reaching impact, stating:

"This incident not only disrupted ICBC's operations but also had ripple effects in the U.S. Treasury market, underlining the far-reaching impact of cyber attacks on critical financial systems."

The rarity of such attacks on major financial institutions heightens the significance of the ICBC incident. The sheer scale and complexity of ICBC as the world's largest commercial bank by revenue—reporting $214.7 billion in revenue and $53.5 billion in profits in 2022—make this cyber breach particularly noteworthy.

The incident underscores the pressing need for continuous vigilance and improvement in cybersecurity strategies across the financial sector, as even the most substantial entities are not immune to the evolving threat landscape.

Follow SecureWorld News for more stories related to cybersecurity.

Comments