In a significant development, the Industrial and Commercial Bank of China (ICBC), one of the world's largest banks, has fallen victim to a ransomware attack, as reported by multiple sources on Thursday. The attack has sent shockwaves through the global financial landscape, potentially affecting worldwide financial markets.
The state-owned ICBC, China's largest bank with staggering revenues of $214.7 billion in 2022, reportedly suffered the ransomware incident earlier this week. The news was first broken by the Financial Times, which revealed that the Securities Industry and Financial Markets Association, a trade group representing various financial institutions, issued a communication to its members about the incident. This communication followed reports of certain trades on the U.S. Treasury market being unable to clear.
Despite the gravity of the situation, neither ICBC, the Securities Industry and Financial Markets Association, nor the U.S. Treasury Department have provided official comments or responses regarding the attack.
Sources familiar with the matter informed the Financial Times that the LockBit ransomware gang is believed to be behind the cyberattack on ICBC. LockBit has gained notoriety throughout 2023 for carrying out numerous high-profile attacks on governments, companies, and organizations, surpassing other ransomware gangs in terms of activity and scale.
Bloomberg reported that ICBC informed several clients that a cybersecurity issue would necessitate the rerouting of certain trades. According to the bank, the attack commenced on Wednesday evening.
Cybersecurity experts and researchers had been circulating reports of the attack for several days before it was publicly acknowledged. Malware research platform vx-underground reported that equity traders had encountered difficulties placing trades or clearing previous ones through ICBC.
In response to the incident, ICBC reportedly issued an emergency notice, indicating that the attack was affecting all of the bank's clearing customers. Consequently, ICBC temporarily ceased accepting orders.
Alastair Williams, Vice President of Worldwide Systems Engineering at Skybox Security, emphasized the significant financial risks associated with cyber threats targeting the financial services sector and shared how finserv companies can protect themselves:
“The recent ransomware attack on the Industrial and Commercial Bank of China (ICBC) underscores the significant financial risks associated with cyber threats targeting financial services. Organizations in the financial sector are a prime target for threat actors, as they handle substantial amounts of money and sensitive personal information. As ransomware attacks continue to proliferate, financial organizations must prioritize robust security measures to protect their business continuity and customers.
To fortify their defenses, organizations should adopt a proactive security stance against prevalent threats. When evaluating the severity of vulnerabilities, it is crucial to consider factors such as network accessibility, exposure, exploitability, and potential commercial repercussions.”
The ICBC ransomware attack serves as a stark reminder of the persistent and evolving cybersecurity threats facing organizations worldwide, with potentially far-reaching consequences for the global financial system. BigID CISO Tyler Young commented on why ICBC may have been targeted and why having an 'assume breach' mindset is critical for organizations: "China’s ICBC was most likely targeted because it’s essentially a critical infrastructure and they possess information, data, money, etc. that all threat actors are looking for. Banks and Financial institutions typically have the biggest target on their backs. These types of organizations are also more at risk since, over the last several years, we have seen banks attempting to modernize their tech stack, going to the cloud and leveraging SaaS applications. While this digital transformation is essential for a modern business, it does possess new risks and requires a completely new approach to protecting your organization.
This ransomware attack made a huge impact because it’s one of the few ransomware attacks to halt a major financial market trade. Hopefully, this will force organizations to realize that they can no longer neglect cybersecurity due to resource limitations or ignorance. It is crucial to prioritize data protection, invest in security measures, and take proactive steps to mitigate vulnerabilities. The days of not investing in security and not having a Chief Security Officer reporting into an organization's executive team is not acceptable.
Organizations can no longer assume “the breach will not happen to us”, and need to take cybersecurity seriously. While it may not be possible for organizations to immediately remediate every vulnerability, it's extremely important that all organizations take mitigation steps to reduce the impact of a vulnerability."