2023-11-11 06:49:00
The US financial services division of the Chinese bank ICBC was hit on Friday by a ransomware-type cyber attack that reportedly disrupted transactions in US Treasury securities, CNBC reports.
Industrial and Commercial Bank of China, the world’s largest bank by assets, announced that its financial services subsidiary, called ICBC Financial Services, was targeted by a ransomware attack “which resulted in the disruption of certain systems.” Immediately after discovering the attack, ICBC “isolated the affected systems to contain the incident,” the state-owned bank said.
Ransomware is a type of cyber attack in which hackers take control of systems or information and release it only after the victim has paid a ransom. It’s a type of attack that has seen an explosion in popularity among bad actors in recent years.
ICBC did not reveal who was behind the attack, but said it had “conducted a thorough investigation and recovery efforts with the support of its professional team of information security experts are progressing”.
ICBC said it “successfully cleared” the US Treasury securities trades made on Wednesday and the repo financing trades made on Thursday. A repo is a repurchase agreement, a type of short-term loan for government bond dealers. However, several news outlets reported that there was a disruption in transactions with the US Treasury.
The Financial Times wrote on Friday, citing traders and banks, that the ransomware attack prevented the ICBC division from settling treasury trades on behalf of other market participants.
The US Treasury Department told CNBC: “We are aware of the cybersecurity issue and are in regular contact with key participants in the financial sector, in addition to federal regulators. We continue to monitor the situation.”
ICBC said its US financial services division’s email and business systems operate independently of ICBC’s China operations.
The systems of its head office, ICBC’s New York branch and other affiliated institutions domestically and abroad were not affected by the cyber attack, ICBC said.
What did the Chinese government say?
Wang Wenbin, a spokesman for China’s Ministry of Foreign Affairs, said on Friday that ICBC was working to minimize the impact and losses following the attack, according to Archyde.com. Speaking at a press conference, Wang said that ICBC has paid special attention to the issue and handled emergency response and supervision well, according to the Archyde.com article.
What is known about the ransomware attack?
No one has yet claimed responsibility for the attack, and ICBC has not said who might be behind it.
In the world of cyber security, finding out who is behind a cyber attack is often very difficult due to the techniques hackers use to mask their locations and identities. But there are clues about what kind of software was used to carry out the attack.
Marcus Murray, the founder of the Swedish cyber security company Truesec, said that the ransomware used is called LockBit 3.0. Murray said the information came from sources with ties to Truesec, but he could not reveal who those sources were for confidentiality reasons.
The Financial Times reported, citing two sources, that LockBit 3.0 was the software behind the attack.
CNBC could not independently verify the information.
This type of ransomware can make its way into an organization in many ways, for example when someone clicks on a malicious link in an email. Once inside, its purpose is to extract sensitive information about a company.
VMware’s cybersecurity team said in a blog post last year that LockBit 3.0 is “a challenge for security researchers because each instance of the malware requires a unique password to run without which analysis is extremely difficult or impossible”. The researchers added that the ransomware is “strongly protected” against analysis.
The US government’s Cybersecurity and Infrastructure Agency calls LockBit 3.0 “more modular and evasive,” making it harder to detect. LockBit is the most popular strain of ransomware, accounting for about 28 percent of all known ransomware attacks from July 2022 to June 2023, according to data from cybersecurity firm Flashpoint.
What is LockBit?
LockBit is the group behind the software. Its business model is known as “ransomware-as-a-service”. It effectively sells its malicious software to other hackers, known as affiliates, who then continue to carry out the cyber attacks. The leader of the group goes by the online name of “LockBitSup” on dark web hacking forums.
“The group posts primarily in Russian and English, but according to its website, the group claims to be located in the Netherlands and not politically motivated,” Flashpoint said in a blog post.
The group’s malware is known to target small and medium-sized businesses.
LockBit has previously claimed responsibility for ransomware attacks on Boeing and the UK’s Royal Mail.
In June, the US Department of Justice indicted a Russian national for his involvement in “conducting numerous LockBit ransomware and other cyberattacks” against computers in the US, Asia, Europe and Africa.
“LockBit actors have executed more than 1,400 attacks against victims in the United States and around the world, issuing over $100 million in ransom demands and receiving at least tens of millions of dollars in actual ransom payments made in the form of bitcoin,” the Department of Justice said in a June press release. (Source: News.ro)