2023-11-17

In a startling development, one of the largest banks in the world has fallen victim to a devastating ransomware attack. Reports have surfaced claiming that the Industrial and Commercial Bank of China (ICBC), China’s leading state-owned bank, was recently targeted by a notorious ransomware gang.

This attack, which occurred on Wednesday evening, has sent shockwaves through the global financial market. The Securities Industry and Financial Markets Association, an influential trade group encompassing securities firms, banks, and asset management companies, even sent out a message to its members regarding the incident. Some trades on the U.S. Treasury market were allegedly unable to clear, raising serious concerns about the repercussions of this attack.

Although the ICBC, along with the Securities Industry and Financial Markets Association and the U.S. Treasury Department, has declined to comment on the matter, sources have pointed towards the LockBit ransomware gang as the culprits behind this malicious act. Known for their audacity and expertise, this group has been responsible for a series of high-profile attacks on governments, companies, and organizations throughout 2023, outstripping all other ransomware gangs in their level of activity.

In response to the attack, the ICBC informed several clients that a cybersecurity issue required them to reroute certain trades. This unprecedented step, together with the emergency notice the bank sent out stating that the incident was impacting all of ICBC’s clearing customers and temporarily halting orders, underscores the severity of this cyber assault.

Cybersecurity researchers have also highlighted a critical vulnerability that may have been exploited by the ransomware gang. It appears that ICBC’s Citrix NetScaler appliance had not been patched for CVE-2023-4966, otherwise known as “CitrixBleed.” This flaw affects NetScaler ADC and NetScaler Gateway appliances, which are widely employed by companies for network traffic management. A concerning number of organizations, exceeding 5,000, have yet to address this vulnerability despite its potential to grant attackers unfettered access and control, effectively bypassing any authentication protocols.

The implications of this attack are far-reaching, extending beyond the ICBC and reaching the core of the global banking and finance system. Industry experts, such as Jon Miller, CEO of Halcyon, warn that the impact on worldwide financial markets could be profound, particularly since U.S. Treasuries play a pivotal role in these markets.

The incident serves as a stark reminder that critical infrastructure providers, such as those in the financial, manufacturing, healthcare, and energy sectors, continue to be prime targets for ransomware operators. These attackers prey on the urgency faced by victimized organizations to swiftly resolve the attacks and resume operations, which increases the likelihood of ransom payments being made.

As cybersecurity threats grow increasingly sophisticated and pervasive, it is essential for organizations across all industries to remain vigilant and adopt robust security measures to protect themselves from these malicious actors.

FAQ

What is ransomware?

Ransomware is a type of malicious software designed to encrypt a victim’s files or lock them out of their own systems. The attackers then demand a ransom payment in exchange for restoring access to the encrypted data or systems.

Who is the Industrial and Commercial Bank of China (ICBC)?

The Industrial and Commercial Bank of China (ICBC) is the largest bank in China and one of the largest banks in the world. As a state-owned bank, ICBC holds a prominent position in China’s financial industry.

What is the LockBit ransomware gang?

The LockBit ransomware gang is a notorious criminal group specializing in ransomware attacks. They have gained notoriety for carrying out numerous major attacks on governments, companies, and organizations. Their level of activity surpasses that of any other ransomware gang currently known.

What is CVE-2023-4966 (CitrixBleed)?

CVE-2023-4966, commonly referred to as CitrixBleed, is a critical vulnerability that affects Citrix NetScaler ADC and NetScaler Gateway appliances. It allows attackers to bypass authentication mechanisms and gain unauthorized access to network traffic.

