ICBC, the world’s largest bank, falls victim to LockBit ransomware

On November 8th, ICBC, the Industrial and Commercial Bank of China, was hit by a LockBit ransomware attack that disrupted specific systems within its Financial Services (FS) division.

ICBC, the biggest bank in China, does business all over the world, and its Financial Services division is based in New York City. The treasury unit is important to many activities and has a major effect on U.S. financial markets.

On Wednesday, New York-based ICBC Financial Services disclosed a cyberattack. The business has notified the authorities, is actively looking into the incident, and is working on updates.

The Financial Times was the first to report the cyberattack that hit ICBC FS. The well-known LockBit ransomware group planned the attack, which made use of the advanced LockBit 3.0 malware.

Global Cybersecurity Advisor at ESET Jake Moore said:

“LockBit is a ransomware attack which uses extortion tactics once the malware is in place, making it more lethal. It is dangerously self-spreading in organisations and targeted at victims or their systems specifically looking for vulnerabilities such as being able to bypass authentication.”

The Industrial and Commercial Bank of China (ICBC) is aggressively recovering its systems and services following a ransomware attack. This incident caused confusion in the US Treasury market, which complicated the exchange of stocks.

In response to the ransomware attack, the bank immediately disconnected and isolated systems to contain the outbreak. ICBC made it clear that its email and business systems run separately from the ICBC Group. The ICBC New York Branch, ICBC Head Office, and global affiliates were not affected by the incident.

Industry Insiders Confirmed ICBC Ransomware Attack

In cybersecurity, it can be difficult to identify who is behind an attack like this one, and no one has taken responsibility for it. Identity theft is a skill that hackers possess. There are, however, some details about the software used in the attack.

Marcus Murray, the founder of Truesec, a major Swedish cybersecurity firm, has identified the ransomware responsible for the latest outbreak as LockBit 3.0. Reputable sources within Truesec have provided the necessary details. This disclosure highlights the constantly changing terrain of cybersecurity threats, especially the risks associated with LockBit 3.0.

According to security expert Kevin Beaumont, an ICBC Citrix server that was last seen online on Monday has gone down. The server remains unpatched against an actively exploited NetScaler security vulnerability known as ‘Citrix Bleed’.

Peter Cardillo, chief economist at Spartan Capital Securities, suggested the recent ransomware incident might have impacted the lackluster 30-year auction. It’s possible that the cyberattack interfered with the bank’s trade processing, causing rerouting issues and affecting Treasury trading.

In 2022, Fortune reported that ICBC, the largest bank in China, earned $53.5 billion, achieving the highest global earnings. The bank also recorded $214.7 billion in sales during the same period. According to the most recent data from the US Treasury Department, China is the second-largest foreign holder of US Treasury notes, with a total value of $805.4 billion.

ICBC, with 10.7 million corporate and 720 million individual clients, operates through 17,000 domestic branches. It has a worldwide network covering 41 countries, including 13 locations in the United States.

The rarity of attacks of this kind on large banks emphasises how serious the ICBC event was. This incident shows how important it is for the financial services sector to maintain constant supervision and improve security measures. It also shows how vulnerable even the most powerful organisations are in an evolving threat landscape.

Phishing Tackle offers a free 14-day trial to help train your users to avoid these types of attacks and test their knowledge with simulated attacks using various attack vectors. By focusing on training your users to spot these types of attacks, rather than relying solely on technology, you can ensure that your organisation is better prepared to defend against cyber threats and minimise the impact of any successful attacks. 
