ICBC attack yet another wake-up call for MENA financial institutions

29 November 2023

On November 10, the world’s largest lender by assets, the Industrial and Commercial Bank of China (ICBC), announced that it had fallen victim to a cyber attack. The sophisticated ransomware attack disrupted ICBC’s operations and delivered yet another lesson to every financial institution in the world: the risk of cyber threats is real.

Perpetrated by the notorious LockBit ransomware group, the attack caused temporary ripples in the Treasury market. ICBC was quick to react, and within hours the institution isolated impacted systems to contain the incident. ICBC reportedly then paid a ransom to the hacker group, after which operations returned to business as usual within days.

Syed Sajjad, a Senior Manager at Ecovis Al Sabti, says that the incident has sent shockwaves through the financial world, including at institutions based in the Middle East.

According to Sajjad, the incident is a “wake-up call demonstrating the growing vulnerability of financial institutions to cyberattacks.”

Such incidents come with a hefty price tag. “The disruption hindered ICBC’s ability to process transactions, leading to temporary trading disruptions in the US treasury market,” says Sajjad. “Beyond the ransom fee paid (the amount was not publicly disclosed), the incident also causes reputational damage and dents consumer trust.”

According to data from cybersecurity firm Flashpoint, LockBit is the most popular strain of ransomware, accounting for around 28% of all known ransomware attacks.

“While the specific method used by the LockBit group is still under investigation, and ICBC has not yet released any definitive information about how the attack was carried out, certain possibilities have emerged,” says Sajjad. “Reports suggest that the attackers may have gained access to ICBC’s systems through a phishing attack – a common method used by cybercriminals to trick people into revealing personal information or clicking on malicious links.”

“Another possibility is that the attackers exploited a vulnerability in ICBC’s software or operating systems.”

Lessons for the Middle East

Sajjad emphasizes that Middle East-based financial institutions should be on their guard for similar threats. According to data from McAfee, both the probability and the impact of cyber attacks in the Middle East have been rising steeply for years. With the region’s economy increasingly shifting to digital ways of working, the risk is anticipated to grow further in the years ahead.

“Financial institutions are prime targets for cyberattacks due to the sensitivity of their data and the potential for significant disruption to financial systems and markets,” he says.

“The lesson is clear: financial institutions need to strengthen their cybersecurity posture, adopting robust protective measures to safeguard their valuable assets and fostering a culture of cybersecurity awareness.”

Regulators are working hard to guide the sector towards more robust digital frontiers. In Saudi Arabia, for instance, the National Cybersecurity Authority (NCA), the Saudi Arabian Monetary Authority (SAMA), through its Cybersecurity Framework (CSF), and the National Data Management Office (NDMO) are working collaboratively to strengthen defences against evolving cyber threats.

“They are providing comprehensive cybersecurity guidance and fostering industry-wide collaboration to enhance cyber resilience,” says Sajjad.

Suggestions for shielding against similar attacks

To safeguard against ransomware attacks, Sajjad contends it is vital for financial institutions to implement a range of proactive cybersecurity strategies and maintain robust cyber hygiene practices.

“Establishing an integrated security framework is the cornerstone of effective cybersecurity. Such a framework should include continuous vulnerability management/system updates, patch management, compromise assessments, threat modelling, and penetration testing, allowing for a proactive stance in identifying and mitigating vulnerabilities.”

“The effective implementation of a robust security framework is crucial for safeguarding an institution’s valuable assets and maintaining a resilient digital posture.”

Effective practices identified by Ecovis Al Sabti in its work with financial services clients include stringent cyber hygiene measures such as safe online practices, heightened email security awareness, and password management. Regularly conducting phishing tests and training employees to identify, report, and handle suspicious activities are crucial components.

“Regular independent cybersecurity assessments and audits play a critical role in ensuring the effectiveness of these security measures.”

“Integrating a business continuity program (BCP) with strategies specifically tailored to ransomware attacks is a vital defensive measure. These strategies should outline clear procedures for data recovery and restoring operations after an attack. Similarly, integrating disaster recovery into business resilience plans is crucial. This involves identifying critical assets, maintaining regular backups, conducting incident response drills, and keeping plans current.”

Concluding, Sajjad states: “The significance of cybersecurity in today's digital age, underscored by incidents like the ICBC attack, cannot be overstated. Financial institutions must prioritise cybersecurity, developing a culture of awareness and vigilance to protect their data, assets, and reputation. This approach transcends technology, incorporating a strategy that includes people, processes, and technology for effective cyber threat mitigation.”