ICBC Grapples with Ransomware Attack – Will This Cause a Major Damage?


In a significant cybersecurity incident, China’s largest commercial lender, the Industrial and Commercial Bank of China (ICBC), recorded a ransomware attack on its U.S. arm.

The incident, which occurred on Thursday, disrupted trades in the U.S. Treasury market, marking the latest victim in a series of ransom-demanding hacks this year.

ICBC Response to Major Ransomware Attack

The attack is suspected to be the work of the cybercrime gang Lockbit, known for its aggressive ransomware tactics. However, as of Thursday evening, Lockbit’s dark website, where it typically names its victims, did not include ICBC.

The attack reveals how vulnerable the systems at major financial institutions are, raising concerns about the effectiveness of cyber safety measures. Meanwhile, ICBC Financial Services remains committed to examining the attack, working to restore disrupted systems and mitigate potential losses.

 Also, China’s foreign ministry emphasized the bank’s effort, stating that it will do everything possible to reduce the impact on risk and losses.

Besides this, the U.S. authorities, which have been grappling with the increase in cybercrime, particularly ransomware attacks, are also trying to fight the funding of such criminal organizations.

Despite the disruption, the bank reported that it successfully cleared Treasury trades executed on Wednesday and repurchase agreements (repo) financing trades conducted on Thursday. In the meantime, the bank has not officially commented on the attackers’ identity.

This is understandable, as it’s common for such organizations to refrain from publicly disclosing such information. Notably, market observers acknowledge that the effect of the attack was little on the market. However, they have decided to remain vigilant about its implications, particularly for cybersecurity controls in the financial sector.

Meanwhile, the U.S. Securities Industry and Financial Markets Association (SIFMA) has informed its members about the ransomware attack. They emphasized ongoing communication with key financial sector participants and federal regulators.

The Treasury market, according to LSEG data, appeared to function normally on Thursday. However, the incident underscores the ongoing challenges in ensuring the security of financial systems against evolving cyber threats.

Ransomware Attack Streak in the U.S.

The United States recorded up to 1,815 undisclosed ransomware attacks in the first six months of 2023. On the other hand, the number of disclosed attacks reached a 49% increase compared to the first six months of the previous year.

According to information from the Malwarebytes Threat intelligence team, the U.S. experienced a hefty 43% of all global attacks. Meanwhile, the ransomware attacks in France have almost doubled over the past five months.

In Q2 2023, ransomware groups successfully compromised 1,386 victims worldwide, which was a massive increase of 67% compared to the previous quarter. Besides that, the education sector emerged on top of the victim list, with 11 attacks in January 2023.

This reflects a third of all incidents recorded that month. Also, there were a total of 427 ransomware victims in September 2023, with Lockbit leading the charts.

As for the ICBC case, the incident is likely to raise concerns about cybersecurity controls at large financial institutions, prompting regulatory scrutiny.


Source link