The ransomware group, Hunters International, has reportedly claimed responsibility for a breach at the London branch of the Industrial and Commercial Bank of China (ICBC), one of China’s largest state-owned banks.
According to the group, they have exfiltrated 6.6 terabytes of data, comprising over 5.2 million files. The gang was given a ransom deadline of 13 September 2024 and threatened to release the stolen data if their demands are not met.
Potentially Catastrophic Exposure
Ted Miracco, CEO of Approov, says financial entities house and manage highly sensitive data, and a breach of this magnitude could result in heavy fines and penalties or even lawsuits from affected customers and businesses.
ICBC—the world’s largest bank by assets—holds vast financial data, making any potential exposure catastrophic.
“If Hunters publish ICBC’s data, it will lead to severe legal and compliance breaches, especially in regions with stringent financial and data privacy regulations, such as the EU’s GDPR or the UK’s Data Protection Act,” Miracco adds.
Hunters International, a relatively new group that emerged after the disruption of the Hive ransomware group in late 2023, has rapidly gained notoriety. This year alone, they claim to have breached over 134 entities globally, targeting many sectors, including financial services.
The group uses advanced tactics, including deploying sophisticated malware like the SharpRhino RAT, which allows them to infiltrate corporate networks undetected.
Disrupting the Economic Model
Evan Dornbush, former NSA cybersecurity expert, says: “This is a timely reminder that organizations should continually question the effectiveness of their cybersecurity measures lest they, too, be caught in a vicious cycle of reactive spending while failing to address the root causes of these attacks.
Dornbush says throwing more money at security solutions isn’t working, and the time could be ripe for the industry to consider shifting its focus to disrupting the economic model of ransomware groups instead of dealing with the fallout of their attacks.
The Prevalence of RaaS
Miracco adds that this attack by Hunters underscores the prevalence of ransomware-as-a-service (RaaS), where groups like this operate with increasing efficiency. “The involvement of RaaS models lowers the bar for cybercriminals, enabling them to outsource sophisticated ransomware attacks and focus on large, lucrative targets such as banks.”
The security of mobile applications and APIs must be strengthened to protect financial data, as these are often targeted as points of entry for ransomware attacks. “However, organizations have demonstrated their capability to compromise even large and presumably secure institutions like ICBC because API security vulnerabilities remain largely unaddressed,” Miracco says.
Speaking of the culprits, Miracco says that Hunters doesn’t target Russian firms, suggesting a potential association with Russia’s safe harbor policy for cybercriminals operating within its borders.
“This geopolitical dynamic is common with ransomware gangs, especially those with links to Russia, which often avoid targeting domestic organizations to stay under government protection. Ransomware attacks focused on extortion for financial gain are a hallmark of many Russia-based cybercrime,” Miracco explains.
Comprehensive Security
In response to this escalating threat, businesses are advised to adopt comprehensive security strategies, perform regular data backups, and train employees to recognize phishing attempts and other cyber risks.
The global financial community is closely monitoring how ICBC manages this breach, as it could have far-reaching consequences for the industry.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.