A ransomware attack on the US unit of the Industrial and Commercial Bank of China (ICBC) has sent ripples through global financial markets.
The intensity of the attack was so grave that it raised concerns among officials and regulators about the disruptions in business inflicted by major hacks. The unprecedented cyberattack explains that even well-established companies are vulnerable to online threats.
ICBC Financial Services is a subsidiary of the world’s largest bank in terms of assets, located in New York.
While recovery efforts are being carried out in full swing, the incident raises questions about the existing lines of defense against online attacks, particularly when it comes to a sensitive sector like finance.
A spokesperson of the FS-ISAC, a group dedicated to sharing cyberthreat intelligence, focused on the importance of staying up-to-date on all protective measures and patching critical vulnerabilities at the earliest.
ICBC Financial Services Responds to the Attack
In a statement, ICBC Financial Services stated that it had managed to clear US Treasury trades executed before the online attack was carried out.
However, the organization said that the process of recovery is underway. It may take days for the institution to resume its normal business operations. Other financial institutions, including BNY Mellon, have been settling trades manually following the cyberattack.
A senior cybersecurity executive from a major US financial institution, speaking anonymously, stated, “We’re taking a look at the response and the broader impact given ICBC’s size and role in the global financial sector”.
LockBit Claims Responsibility for The Cyber Attack
The responsibility for the cyberattack has been claimed by the LockBit, a cybercriminal group. The members of this group are primarily Russian. However, its affiliates are located in other countries, too, including China.
The audacity of targeting such a significant financial institution may have consequences, potentially inviting the wrath of the Chinese government.
In 2022, LockBit was the most extensively used ransom across the world.
Allan Liska, a ransomware expert working with Recorded Future, highlighted the geopolitical implications of the incident.
He stated that China may reach out to the Russian government, demanding action, if they consider the incident as a black eye. This may deteriorate the relationship between the two countries, resulting in greater scrutiny of the malicious players behind the group.
The financial industry faces new challenges with these incidents of ransomware attacks. Even advanced security programs are falling short of matching the sophistication of hacking techniques combined with security solutions.
LockBit has been targeting established companies to extort high amounts of ransom, and this type of attack has become a trend.
As global financial institutions struggle to come up with adequate countermeasures against cyber threats, it remains to be seen how the banking sector copes with the challenges.