ICBC bank ransomware attack, World’s biggest bank hacked

 ICBC: World’s biggest bank hacked due to suspected Citrix Bleed vulnerability (CVE-2023-4966)

On November 8, 2023, ICBC Financial Services (ICBC FS), the U.S. broker-dealer arm of the Industrial and Commercial Bank of China (ICBC), the world's largest bank by assets, was hit by a ransomware attack that disrupted its clearing of trades in the U.S. Treasury market; the incident became public on November 9. The attack was attributed to the LockBit ransomware group, which reportedly demanded a ransom of $10 million from ICBC.

ICBC said that it was able to isolate the impacted systems and contain the incident. The bank also said that it was making progress in recovering from the attack and that it was in contact with law enforcement agencies in the United States and China.

The attack on ICBC is the latest in a string of high-profile ransomware attacks against financial institutions. In recent months, ransomware groups have also targeted banks in Costa Rica, Brazil, and India.

The increasing frequency of ransomware attacks against financial institutions has raised concerns about the security of the global financial system. Ransomware attacks can cause significant financial losses and disruptions to critical infrastructure.

In order to protect themselves from ransomware attacks, financial institutions should implement a number of security measures, including:

Regularly backing up data: offline or immutable backups that are periodically restore-tested let the bank rebuild its systems after an attack without paying the ransom.
Implementing strong access controls: least privilege, MFA and prompt patching of internet-facing appliances such as VPN gateways help to prevent unauthorized access to systems.
Training employees on ransomware: staff who can recognise phishing and unusual system behaviour can report an intrusion before it spreads.
By taking these steps, financial institutions can help to protect themselves from the growing threat of ransomware.



Ransom payment is further complicated by the fact that China bans the use of cryptocurrency, and cryptocurrency is the payment method most attackers prefer because the pseudonymity it provides makes it harder for authorities to trace them. The bank has assured counterparties that all U.S. Treasury trades executed on November 8 and November 9 will be settled.

Because its own systems were cut off, ICBC FS delivered the details of those trades to counterparties by physically couriering them on a USB stick. Many security researchers believe the initial access came through exploitation of an internet-facing Citrix NetScaler ADC/Gateway appliance that had not been patched against Citrix Bleed (CVE-2023-4966).

CVE-2023-4966 is a buffer over-read in NetScaler ADC and NetScaler Gateway that lets an unauthenticated attacker read memory from the appliance, including valid session tokens. Replaying a stolen token hijacks an already authenticated session, so neither a strong password nor multi-factor authentication (MFA) stops the attacker: both were already satisfied by the legitimate user. Patching alone is not enough, because sessions established before the upgrade remain valid until they are terminated; Citrix therefore advised administrators to kill all active and persistent sessions after applying the fix.

CISA added CVE-2023-4966 to its Known Exploited Vulnerabilities (KEV) catalog in October 2023, after Mandiant reported in-the-wild exploitation dating back to late August, before Citrix published fixes on October 10, 2023. Several ransomware operators, LockBit among them, have since used hijacked NetScaler sessions as the initial access step in intrusions that ended in ransomware deployment.
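The session hijack described above is something defenders can look for in their own gateway logs even without knowing which tokens leaked: a stolen session keeps working, but it is replayed from a client the gateway has not seen before. The following Python script is an added example, not code from the original post or from Citrix. It parses a constructed, simplified log format (the field names and sample lines are assumptions, not real NetScaler output) and flags sessions whose post-login requests arrive from a different source IP or User-Agent than the client that authenticated, or for which no login was observed at all.

```python
import re
from collections import defaultdict

# Constructed sample lines (not real NetScaler output): a simplified gateway
# log in which every login and every subsequent request records the session
# token, the client source IP and the User-Agent. In this sample, session
# a1b2c3 is authenticated by alice's client and then reused from a different
# IP with a scripting User-Agent, the pattern a replayed stolen token leaves.
SAMPLE_LOG = """\
2023-11-08T14:02:11Z event=LOGIN session=a1b2c3 src=203.0.113.10 ua=CitrixReceiver/23.9 user=alice
2023-11-08T14:02:40Z event=REQUEST session=a1b2c3 src=203.0.113.10 ua=CitrixReceiver/23.9 user=alice
2023-11-08T14:05:02Z event=REQUEST session=a1b2c3 src=198.51.100.77 ua=python-requests/2.31 user=alice
2023-11-08T14:06:15Z event=LOGIN session=d4e5f6 src=192.0.2.5 ua=Mozilla/5.0 user=bob
2023-11-08T14:07:00Z event=REQUEST session=d4e5f6 src=192.0.2.5 ua=Mozilla/5.0 user=bob
2023-11-08T14:09:30Z event=REQUEST session=zz9999 src=198.51.100.77 ua=python-requests/2.31 user=carol
"""

# Assumed field layout of the constructed log format above.
LOG_RE = re.compile(
    r"(?P<ts>\S+) event=(?P<event>\w+) session=(?P<session>\w+) "
    r"src=(?P<src>[\d.]+) ua=(?P<ua>\S+) user=(?P<user>\w+)$"
)


def parse_log(text):
    """Parse the constructed log format into a list of dicts, skipping lines
    that do not match (real logs carry many unrelated records)."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def find_suspect_sessions(text):
    """Return {session: [reasons]} for sessions whose traffic does not match
    the client that authenticated them.

    Indicators, in decreasing confidence:
      * a request from a different source IP than the LOGIN for that session
      * a request with a different User-Agent than the LOGIN
      * a session that is used but never seen logging in within the window
        (weak on its own: the login may simply predate the log window)
    """
    login_ctx = {}                 # session -> (src, ua) at authentication
    findings = defaultdict(list)   # session -> list of human-readable reasons

    def note(sid, msg):
        if msg not in findings[sid]:
            findings[sid].append(msg)

    for r in parse_log(text):
        sid = r["session"]
        if r["event"] == "LOGIN":
            login_ctx[sid] = (r["src"], r["ua"])
            continue
        if sid not in login_ctx:
            note(sid, f"{r['ts']}: request from {r['src']} with no LOGIN "
                      "seen for this session in the log window")
            continue
        src, ua = login_ctx[sid]
        if r["src"] != src:
            note(sid, f"{r['ts']}: source IP changed {src} -> {r['src']}")
        if r["ua"] != ua:
            note(sid, f"{r['ts']}: User-Agent changed {ua} -> {r['ua']}")
    return dict(findings)


if __name__ == "__main__":
    for sid, reasons in find_suspect_sessions(SAMPLE_LOG).items():
        print(f"session {sid}:")
        for reason in reasons:
            print(f"  - {reason}")
```

Run against the sample, the script reports a1b2c3 (IP and User-Agent both changed mid-session) and zz9999 (used without any observed login), and stays silent on bob's session. In production the IP check will produce some false positives from roaming clients and carrier NAT, so treat a hit as a trigger to terminate the session and investigate rather than as proof of compromise; after patching, the safer move is the one Citrix recommended, terminating every existing session so that any token leaked before the upgrade stops working.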

The threat actor linked to Cl0p ransomware (tracked by Microsoft as Lace Tempest), whose mass-exploitation campaigns earlier in 2023 caused losses for hundreds of businesses worldwide, was also observed exploiting CVE-2023-47246, a path traversal vulnerability in SysAid on-premises IT service management software. SysAid disclosed the vulnerability on November 8, 2023, the same day as the ICBC attack.

SysAid's software lets IT teams inventory, monitor and remotely administer servers and workstations, so a compromised SysAid server gives an attacker a foothold with reach into the rest of the estate. SysAid fixed the issue in version 23.3.36 and asked customers to upgrade immediately and to check their servers for signs of compromise, since the vulnerability was being exploited as a zero-day before the patch was available.

Because a SysAid server sits in a trusted position in the IT environment, experts warned that exploitation could be the first stage of much wider intrusions, including supply chain attacks in which a service provider's SysAid instance is used to reach the customers it manages.
