World's biggest bank ICBC hit by cyber attack

The incident, which forced the Chinese lender to use USB sticks to carry out trades, is believed to have been carried out by ransomware group Lockbit

The Industrial and Commercial Bank of China said it 'immediately' took action upon discovering the cyber attack. Reuters
Powered by automated translation

The Industrial and Commercial Bank of China, the world's biggest lender, was hit by a cyber attack that caused disruption in US Treasury markets and forced traders to conduct transactions using USB sticks.

The attack, which was first reported by the Financial Times, was launched against Beijing-based ICBC's financial services unit and is suspected to have been carried out by underground organisation LockBit, one of the active ransomware groups globally, Bloomberg reported, citing sources.

ICBC Financial Services confirmed the attack on its website, saying it had “resulted in disruption to certain FS [financial services] systems”.

While the attack was discovered late on Thursday, the bank it was able to “successfully” clear US Treasury trades executed on Wednesday and repo financing trades the following day, it said in a notice on its website. Time magazine reported that traders used USB sticks to carry out those trades.

“ICBC FS's business and email systems operate independently of the Industrial and Commercial Bank of China Group,” it said.

“The systems of the ICBC head office and other domestic and overseas affiliated institutions were not affected by this incident, nor was the ICBC New York branch.”

The company “immediately” took action when the cyber attack was discovered, having “disconnected and isolated impacted systems to contain the incident” and reporting the incident to law enforcement while co-ordinating with cyber security experts.

ICBC did not specify the scope of the damage and which data has been potentially compromised.

A “thorough investigation” is under way, and the bank is “progressing its recovery efforts with the support of its professional team of information security experts”.

Cyber attacks continue to become more sophisticated and advanced, especially in today's digital age in which hackers focus on unsuspecting users who are immersed in technology more than ever, and can cause financial and reputational damages.

In particular, ransomware – a type of malicious software that takes over a system and demands a payment for it to be restored – continues to grow, compared with 10 years ago, cyber security services company Group-IB had previously said.

More than 72 per cent of businesses globally have been affected by ransomware attacks as of 2023, growing steadily over the past six years, data from Statista shows.

LockBit is the group responsible for similar cyber attacks on other major organisations in the past year, including US plane maker Boeing, the UK's Royal Mail and Ion Trading.

It has been labelled as “the most active ransomware group” and its software has been the most dominant strain of ransomware from July 2022 to June 2023, the latest data from US cyber security company Flashpoint shows.

During that period, LockBit accounted for about 28 per cent of all ransomware attacks, with the number of victims at 1,046 – about four times more than the victims of the next biggest group, BlackCat, Washington-based Flashpoint said.

Cyber risks in the AI age: Business Extra

Cyber risks in the AI age: Business Extra

“LockBit has established itself as a prolific ransomware group that maintains a relatively low profile despite the volume of attacks it carries out,” Flashpoint said.

“They are particularly aggressive towards organisations within the manufacturing and infrastructure sectors, though they have demonstrated a willingness to attack a wide range of industries.”

LockBit has also been ranked top of the biggest ransomware groups by Israel-based cyber security company CyberInt, which described the third quarter of 2023 as a “new record” for the ransomware industry.

The US and business services remained the biggest targets of ransomware operators at a country and sector level, respectively, CyberInt said.

Updated: November 10, 2023, 7:18 AM