Cybersecurity Alert: Major US Bank Subsidiary Hit by Ransomware Attack
The US financial sector is on high alert following a significant ransomware attack on the American unit of the Industrial and Commercial Bank of China (ICBC), one of the world's largest banks. This attack, resulting in operational disruptions, highlights the evolving cyber threat landscape even for well-equipped organizations.
The attack on New York-based ICBC Financial Services, a subsidiary of the Chinese state-owned banking giant, has sparked urgent coordination among US and Chinese officials, regulators, and the financial sector to assess and mitigate the threat. The Financial Services Information Sharing and Analysis Center (FS-ISAC), a key player in sharing cyberthreat intelligence among major banks, has been actively disseminating information about the attack.
According to Jon Miller, CEO of US cybersecurity firm Halcyon, the sophistication of ransomware attacks poses a significant challenge, even to sectors with advanced cybersecurity measures like banking and finance. The financial sector, traditionally robust against cyber threats, is now confronting new vulnerabilities introduced by ransomware.
The ransomware incident at ICBC Financial Services has disrupted the company's normal operations, impacting its US Treasury trades and repurchase agreement financing. The bank acknowledged ongoing recovery efforts in a statement on its website.
The extent of the disruption became apparent when BNY Mellon, a major financial institution, resorted to manually processing Treasury trades with the affected ICBC unit. An individual familiar with the situation confirmed that ICBC Financial is temporarily disconnected from BNY Mellon's Treasury settlement platform due to the cyberattack.
LockBit, a notorious cybercriminal group with Russian-speaking members and international affiliates, has claimed responsibility for the attack. While the exact affiliate behind the attack remains unidentified, cybersecurity researchers suspect involvement from a China-based partner.
The attack's bold targeting of a prominent financial entity might backfire, drawing scrutiny from the Chinese government. Allan Liska, a ransomware expert at cybersecurity firm Recorded Future, noted that this could lead to diplomatic pressure on Russia, where LockBit is believed to operate, to take action against the group.
This latest cyber incident echoes past disruptive attacks on US banks, such as those attributed to Iran over a decade ago. These events catalyzed the financial sector's multi-billion-dollar investment in cybersecurity defenses. For instance, JPMorgan Chase annually invests $600 million in cybersecurity.
Despite these investments, ransomware groups like LockBit continue to pose significant threats by targeting large, influential companies for extortion. According to US cybersecurity officials, LockBit was the most frequently used ransomware globally in 2022.
The FBI and the federal Cybersecurity and Infrastructure Security Agency (CISA) have been approached for comment regarding the investigation into this incident, while the Treasury Department has yet to respond.
This attack underscores the critical need for continued vigilance and robust cybersecurity measures across all sectors, particularly in finance, where the impact of such attacks can have wide-ranging consequences.