Ransomware hit ICBC, the Industrial and Commercial Bank of China, the world’s largest bank. The data breach notice looks eerily similar to those of other corporations.
Ransomware Attacker
LockBit, the ransomware gang some claim has Russian ties, seems to be the top suspect in this attack.
Attack Vector
Hackers exploited a Citrix NetScaler Gateway that did not have a critical patch applied at the time of the attack.
The NetScaler vulnerability allows bad actors to bypass authentication and cause serious damage to underlying systems and data.
Attack Response
As is normal, the victim responded by promising that it had isolated the problem. The bank also pledged to make security a higher priority in the future. Of course.
Isn’t it better to have adequate security in place to begin with (in this case, applying patches) rather than fall back on USB sticks and messengers to handle trades?