Subj : China's largest bank hit by ransomware attack
To   : All
From : TechnologyDaily
Date : Fri Nov 10 2023 15:45:05

China's largest bank hit by ransomware attack

Date:
Fri, 10 Nov 2023 15:37:19 +0000

Description:
LockBit used a well-documented vulnerability called CitrixBleed to hit ICBC, 
researchers claim.

FULL STORY
======================================================================

ICBC, the largest bank in China, suffered a devastating ransomware attack 
which disrupted its financial services (FS) systems, with a knock-on effect 
of affecting US Treasury markets, and sending ripples across the global 
financial world. 

Multiple news outlets reported that ICBC was attacked by LockBit, a 
ransomware operation with possible ties to Russia. However, as LockBit is a 
ransomware-as-a-service operation, the culprits could actually be any one of 
its affiliates. 

It's not yet known how much money the attackers are demanding in exchange for 
the decryption key, or if they managed to steal any sensitive data during the 
attack. 

 Reader Offer: $50 Amazon gift card with demo 
 Perimeter 81's Malware Protection intercepts threats at the delivery stage 
to prevent known malware, polymorphic attacks, zero-day exploits, and more. 
Let your people use the web freely without risking data and network security. 

 Preferred partner ( What does this mean? ) CitrixBleed 

A notice on the ICBC website says that upon noticing the incident, ICBC FS 
disconnected and isolated impacted systems to contain the incident," adding 
that an investigation was underway, as well as recovery efforts. ICBCs 
financial services business and email systems operate independently from the 
bank, as well as overseas affiliates which didnt seem affected by the attack. 

Cybersecurity researcher Kevin Beaumont argues that the attackers leveraged a 
known vulnerability in Citrix Netscaler boxes, called CitrixBleed, to move 
past any authentication protocols. CitrixBleed is tracked as CVE-2023-4966 
and carries a severity score of 9.4. It was patched a month ago. In the time 
after the release of the patch, both Citrix and other security firms warned 
about the vulnerability being abused in the wild. Even CISA sounded the 
alarm, saying ransomware actors were abusing it, and urging users to apply 
the patch immediately. 

As per the Financial Times, the attack disrupted US Treasury markets, too. 
The US Securities Industry and Financial Markets Association (SIMFA) told 
their members the attack could block trade settling on behalf of other market 
players, The Register reported. Some equity traders werent able to place, or 
clear, trades, other media reported. 

Ransomware operators have been getting bolder, lately. In fact, with more 
than 500 recorded attacks, September was a record month. 

 Via The Register More from TechRadar Pro Ransomware, AI, and social 
engineering all set to be 2024's biggest security threats Here's a list of 
the best firewalls today These are the best endpoint protection tools right 
now



======================================================================
Link to news story:
https://www.techradar.com/pro/security/chinas-largest-bank-hit-by-ransomware-a
ttack


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.