Headline
World’s Largest Bank ICBC Discloses Crippling Ransomware Attack
By Deeba Ahmed Reportedly, it was a ransomware attack orchestrated by the notorious LockBit gang. This is a post from HackRead.com Read the original post: World’s Largest Bank ICBC Discloses Crippling Ransomware Attack
The ransomware attack caused the US arm of the Industrial and Commercial Bank of China (ICBC) to resort to unconventional USB stick transactions.
China’s largest bank, the Industrial and Commercial Bank of China (ICBC), has reportedly become a victim of a ransomware attack. The ICBC is the world’s largest bank in terms of assets. According to Bloomberg, the Russia-linked LockBit ransomware gang is responsible for the attack.
This gang offers ransomware-as-a-service and has been involved in many incidents targeting high-profile organizations, including the IT giant Accenture, Boeing, Bangkok Airways, the UK’s Royal Mail, German firm Continental, etc.
Ironically, the cyberattack on ICBC occurred just a week after the US announced an alliance of 40 countries to combat ransomware threats, emphasizing a stance against paying ransom to threat actors.
It is worth noting that the US trading arm of the ICBC has been targeted in the attack, forcing it to conduct trades within Manhattan through messengers carrying USB flash drives. The incident recalls the events of 2018 when employees at two municipalities in Alaska were forced to resort to using typewriters following a massive ransomware attack.
A message was posted on the ICBC Financial Services website, revealing that its systems were disrupted on 8 November 2023. The bank intends to conduct a thorough investigation to determine the root cause of the security incident. Relevant authorities have been informed as well.
ICBC’s statement
After the attack, the bank could not clear pending US Treasury trades because the concerned entities got disconnected from the impacted systems, forcing the bank to send them settlement details via USB sticks. The company quickly isolated the systems from ICBS’s head office. However, the bank’s overseas units weren’t impacted.
It is suspected that the attackers may have exploited the Citrix Bleed vulnerability (CVE-2023-4966). Security researcher Kevin Beaumont states that the ICBC may not have patched the flaw in its Citrix NetScaler Gateway appliance.
A patch for the flaw was released by Citrix last month. It is a serious vulnerability, given that hackers/ransomware gangs can easily exploit it to bypass authentication and break into corporate systems. This vulnerability has been exploited several times recently in attacks against unpatched government and corporate networks.
According to Bloomberg’s report, the incident has disrupted the US Treasury market. A statement from the Securities Industry and Financial Markets Association on Thursday revealed that the bank was targeted by ransomware software, preventing it from settling treasury trades on behalf of other market participants, which can drastically impact US Treasuries’ liquidity.
Regarding this incident, KnowBe4’s Data-Driven Defense Evangelist, Roger Grimes, shared with Hackread.com that such incidents can financially benefit the perpetrators.
“Incidents like this, where there’s “real” money involved, often don’t work out long-term for the ransomware gang involved. The authorities not only get involved but there’s big pressure for people to be arrested and the gang shut down.”
“I’m surprised the ransomware gang went ahead with the exploitation. Perhaps they didn’t realize what they had and what they would be interrupting. But the Chinese certainly have their own great hackers they can use as an offensive resource, and the US authorities are pretty good at identifying culprits and dishing out pain when the money involved is enough. This is one of those cases,” Grimes noted.
The incident highlights the growing risk of cyberattacks on financial institutions, and the importance of having robust cybersecurity measures in place.
****RELATED ARTICLES****
- Hive Ransomware Resurfaces as Hunters International
- US, India and China Most Targeted in DDoS Attacks, StormWall
- Schools Are the Most Targeted Industry by Ransomware Gangs
- FBI and CISA Issue Joint Advisory on Snatch Ransomware Threat
- Lyca Mobile Suffers Cyber Attack, Investigating Ransomware Possibility
Related news
Talos IR observed operations involving Play, Cactus, BlackSuit and NoEscape ransomware for the first time this quarter.
By Deeba Ahmed The latest Xfinity data breach is linked to the critical Citrix Bleed vulnerability. This is a post from HackRead.com Read the original post: Xfinity Rocked with Data Breach Impacting 36 Million Users
Citrix Bleed is being actively exploited by at least six cybercrime groups.
Multiple threat actors, including LockBit ransomware affiliates, are actively exploiting a recently disclosed critical security flaw in Citrix NetScaler application delivery control (ADC) and Gateway appliances to obtain initial access to target environments. The joint advisory comes from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI),
By Deeba Ahmed Earlier, Boeing acknowledged a cyberattack amidst claims by the Lockbit ransomware gang of breaching its security and stealing data. This is a post from HackRead.com Read the original post: Lockbit Ransomware Leaks Boeing Data Trove
Hello everyone! October was an interesting and busy month for me. I started a new job, worked on my open source Vulristics project, and analyzed vulnerabilities using it. Especially Linux vulnerabilities as part of my new Linux Patch Wednesday project. And, of course, analyzed Microsoft Patch Tuesday as well. In addition, at the end of […]
The Arid Viper threat actor is actively trying to install spyware on targeted devices in the Middle East, using fake dating apps as lures.
By Waqas Mandiant Investigates Zero-Day Exploitation in Citrix Vulnerability, CVE-2023-4966. This is a post from HackRead.com Read the original post: Mandiant Tracks Four Uncategorized Groups Exploiting Citrix Vulnerability
Plus: Major vulnerability fixes are now available for a number of enterprise giants, including Cisco, VMWare, Citrix, and SAP.
Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server
In the race over Citrix's latest vulnerability, the bad guys have a huge head start, with broad implications for businesses and critical infrastructure providers worldwide.
Virtualization services provider VMware has alerted customers to the existence of a proof-of-concept (PoC) exploit for a recently patched security flaw in Aria Operations for Logs. Tracked as CVE-2023-34051 (CVSS score: 8.1), the high-severity vulnerability relates to a case of authentication bypass that could lead to remote code execution. "An unauthenticated, malicious actor can inject files
The latest threat to Citrix NetScaler, CVE-2023-4966, was exploited as a zero-day bug for months before a patch was issued. Researchers expect exploitation efforts to surge.
Citrix is warning of exploitation of a recently disclosed critical security flaw in NetScaler ADC and Gateway appliances that could result in exposure of sensitive information. Tracked as CVE-2023-4966 (CVSS score: 9.4), the vulnerability impacts the following supported versions - NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50 NetScaler ADC and NetScaler Gateway 13.1 before
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.