ICBC bank ransomware attack, World’s biggest bank hacked

 ICBC: World’s biggest bank hacked due to suspected Citrix Bleed vulnerability (CVE-2023-4966)

On November 9, 2023, the Industrial and Commercial Bank of China (ICBC), the world's largest bank, was hit by a ransomware attack that disrupted trades in the U.S. Treasury market. The attack was carried out by the ransomware group LockBit, which demanded a ransom of $10 million from ICBC.

ICBC said that it was able to isolate the impacted systems and contain the incident. The bank also said that it was making progress in recovering from the attack and that it was in contact with law enforcement agencies in the United States and China.

The attack on ICBC is the latest in a string of high-profile ransomware attacks against financial institutions. In recent months, ransomware groups have also targeted banks in Costa Rica, Brazil, and India.

The increasing frequency of ransomware attacks against financial institutions has raised concerns about the security of the global financial system. Ransomware attacks can cause significant financial losses and disruptions to critical infrastructure.

In order to protect themselves from ransomware attacks, financial institutions should implement a number of security measures, including:

Regularly backing up data: This will allow the bank to restore its systems in the event of an attack.
Implementing strong access controls: This will help to prevent unauthorized access to systems.
Training employees on ransomware: This will help employees to identify and report ransomware attacks.
By taking these steps, financial institutions can help to protect themselves from the growing threat of ransomware.



It is because China is known for banning of the use of cryptocurrency. Most of the attackers prefer cryptocurrency as a mode of payment. It is because of the anonymity that it provides, making it difficult for authorities to find them. The bank has assured settlement to all the associated parties of all the US Treasury trades executed on the 8th of November and the 9th of November.

The details of the respective trades were physically dispatched to the counterparties via a USB stick. Many cybersecurity experts are suggesting that the attack was caused primarily through the effective exploitation of the Citrix Netscaler box that was not fully patched for security vulnerabilities such as Citrix Bleed (CVE-2023-4966).

By effectively exploiting CVE 2023 4966, an attacker can bypass even strong passwords and multi-factor authentication (MFA) making it highly dangerous.

According to the CISA, the vulnerability has been actively being exploited by many cyber criminals in active targeted campaigns in the earlier weeks. Many ransomware attackers have effectively exploited this vulnerability to engage in complex ransomware attacks.

The cl0p ransomware attack that has caused millions of business losses for hundreds of businesses across the globe was also carried out using the CVE 2023 47246 vulnerability. An IT service company reported the presence of the vulnerability in their service management software SysAid on the same day as the ICBC attack.

The SysAid IT service management software allows users to monitor and control servers and computers remotely. SysAid has asked its users to install the latest version of their software since it comes with all the fixes and patches for the said vulnerability that is actively being exploited.

Experts are suggesting that effective exploitation of the SysAid vulnerability could further escalate to wide-scale attacks such as supply chain attacks.

Comments

Post a Comment

Popular posts from this blog

SharkStriker | Your threat striking company

Due to the emergence of high bandwidth, low latency 5G internet, there is a significant amount of increase in devices that are helping businesses across the globe transform. But this increase in devices is also one of the fundamental attack surfaces for cyber criminals who are looking for an open-door entry into their network. This new entry of devices into the organizational network has presented a business risk for organizations worldwide with a wide range of endpoints being vulnerable to threats.  According to a Ponemon Institute report, over 68% of organizations have experienced more than one attack which has led to them facing a huge data loss and compromise of their IT infrastructure. Therefore, in today’s world, it has become imperative for organizations to step up their cybersecurity ball game in order to proactively be prepared against such cyber threats and criminals. Before we delve into endpoint security it is important to know what endpoints are and how security has evolve
Read more

Top 10 most common types of cyber attacks.

Image
  We have seen some of the common cyber attacks that are affecting businesses worldwide. We have also explored what cyberattacks are and how they can differ depending on the cyberattacker and their motivations and intentions. What is a cyber attack and how it works? A cyber attack is an attempt to intentionally steal, alter or destroy data sensitive to a business. It’s carried out with an intention that can either be monetary or political. It can also be for a cause. Many cyber attackers are hacktivists who do cyber attacks to raise awareness for societal or political reasons. The nature and gravity of a cyber attack is dependent on the nature and cause of a cyber attacker. For example, while some cyber criminals may spend a lot of time on an attack targeting a big business, others may spend considerably less time targeting a small business. Others may target government or social institutions for the cause of political agenda or social or environmental cause. Now let us explore some of
Read more

Top 10 cybersecurity risks and threats for the banking sector in 2024

Image
  Learn about some of the potential cyber risks and threats that the banking sector may face in 2024 The banking sector faces inherent vulnerabilities to cyber-attacks driven by its heavy reliance on interconnected digital infrastructure and the storage of highly sensitive financial and personal information. Pointing to one key vulnerability is the prevalence of outdated legacy systems still in use, which may lack the latest security features and updates. These systems often have vulnerabilities that cybercriminals can exploit. Moreover, the extensive sharing of financial data among institutions and third-party service providers increases the attack surface. Human factors contribute significantly to the sector's vulnerability, with phishing attacks and social engineering exploiting individuals' unsuspecting behavior. Inadequate cybersecurity awareness and training make employees more susceptible to manipulation. Additionally, the rapid adoption of new technologies, such as mob
Read more