Attack On Chinese Bank Disrupts Financial Trading

The US financial services division of the Industrial and Commercial Bank of China reported on Thursday 10th November that its financial services arm, called ICBC Financial Services, experienced a ransomware attack that caused disruption to a number of its systems. 

ICBC said it was investigating the attack that disrupted some of its systems and making progress towards recovering from it, however, sources have reported there was disruption to trading in certain financial instruments.

In particular, the ransomware attack prevented the ICBC US division from settling US Treasury trades.

China’s foreign ministry said on Friday 10th November that the lender was striving to minimise risk impact and losses after the attack. Immediately after discovering the hack, ICBC “isolated impacted systems to contain the incident,” the state-owned bank said. ICBC has not said who was behind the attack but it did say has been “conducting a thorough investigation and is progressing its recovery efforts with the support of its professional team of information security experts.”

While nobody has claimed responsibility for the attack here are clues about what kind of software was used to carry out the attack. According to sources, the ransomware used in the attack is LockBit 3.0 - a persistent type of malware used to exfiltrate confidential data.

Different iterations of LockBit can rapidly infect corporate networks, typically someone clicking on a malicious link in an email.  

ICBC said it “successfully cleared” US Treasury trades and repo financing trades done on Thursday 10th Nov. A repo is a repurchase agreement, a type of short-term borrowing for dealers in government bonds. However, multiple news outlets reported there was disruption to US Treasury trades and that the ransomware attack prevented the ICBC division from settling Treasury trades on behalf of other market participants.

A spokesman for China’s Ministry of Foreign Affairs, has said that ICBC is striving to minimise the impact and losses after the attack and ICBC has not commented on whether Lockbit was behind the hack.

ICBC has said it is working with law enforcement concerning the attack and US and Chinese Government officials have discussed the attack ahead of a forthcoming regional economic summit.

CNBC:   ICBC:     APNews:   WSJ:      Guardian:    FT:     Reuters:    CybersecurityDive:  

You Might Also Read: 

Cyber Security & The  Financial Services Industry;

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Global Law Firm Breached & Data Stolen
British Online Safety Act Is Now Law »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Identity Automation

Identity Automation

Identity Automation is a leading provider of Identity and Access Management software.

Auth0

Auth0

Auth0 is a cloud service that provides a set of unified APIs and tools that instantly enables single sign-on and user management for any application, API or IoT device.

Salt Security

Salt Security

Salt Security protects the APIs that are the core of every SaaS, web, mobile, microservices and IoT application.

Rublon

Rublon

Rublon protects endpoints, networks and applications by providing trusted access via two-factor authentication (2FA).

Bace Cybersecurity Institute (BCI)

Bace Cybersecurity Institute (BCI)

Bace Cybersecurity Institute focuses on understanding, empowering and taking action across four critical areas driving continual improvement toward a safer, more secure cyber world.

RiskXchange

RiskXchange

RiskXchange's cybersecurity risk rating solution helps businesses solve complex cybersecurity and compliance challenges by providing a 360-degree view of your cybersecurity posture.

VirtualArmour

VirtualArmour

VirtualArmour is a managed security services provider with global reach and local attitude.

Cipher

Cipher

Founded in 2000, Cipher is a global cybersecurity company that delivers a wide range of Managed Security Services.

FirstWave Cloud Technology

FirstWave Cloud Technology

FirstWave Cloud Technology is a global cyber security company which has been delivering Cybersecurity-as-a-service solutions to the market since 2004.

Panacea Infosec

Panacea Infosec

Panacea Infosec is a leading provider of information security compliance services. We help our clients in protecting their data, reducing security risks and fighting cybercrime.

Armo

Armo

Armo technology enhances any Kubernetes deployment with security, visibility, and control from the CI/CD pipeline through production.

Numen Cyber Technology

Numen Cyber Technology

Numen Cyber Technology is committed to becoming a Threat Discovery and Response expert for corporate customers.

Hive

Hive

Hive is a leading provider of cloud-based AI solutions to understand, search, and generate content, and is trusted by hundreds of the world's largest and most innovative organizations.

Amtivo Group

Amtivo Group

Amtivo provides Certification, Inspection and Training services to national and local Government bodies, multi-nationals, enterprise clients and SMEs.

PriorityZero

PriorityZero

PriorityZero is a European company focused on remote security assessments and consulting services that operates on a global scale.

Socket

Socket

Socket protects software applications and critical services from malware and security threats originating in open source code.