This week:

3 – A ransomware attack on China’s biggest bank

2 – Don’t just worry about your regulators. Worry about your insurers.

1 – If you are going on a BOOKING.COM holiday, watch out for the phish.


3 – Ransomware attack on ICBC

“The [US arm of] Industrial and Commercial Bank of China’s (ICBC), [China’s largest bank], was hit by a ransomware attack that disrupted trades in the U.S. Treasury on Thursday”

This is according to a report on Reuters. “Several ransomware experts and analysts said an aggressive cybercrime gang named Lockbit was believed to be behind the hack”. A post on LinkedIn suggests the attackers took advantage of a Citrix NetScaler system that was not running up-to-date software. Apparently, the attack prevented the bank from settling trades for a period on Thursday, but “ICBC said it had successfully cleared Treasury trades executed on Wednesday and repurchase agreements (repo) financing trades done on Thursday.”

So what? While it’s early days, it sounds like the bank has been able to recover from the attack relatively quickly. In other words, it sounds like their incident response and/or operational resilience worked well, even if their patch management didn’t. Getting attacked by ransomware is not a good news story. But recovering from the attack quickly is a good ending (assuming this is the end!)


2 – Don’t just worry about your regulators. Worry about your insurers.

“An unlikely new entity is joining the regulatory bodies to raise the bar for cybersecurity: the cyber insurer.”

That’s according to a recent article on Dark Reading (and shared by Gary Hayslip). The article goes on to say “Self-assessment questionnaires are getting more detailed as underwriters seek to understand the applicant’s security posture [..] Current self-assessment surveys ask surprisingly challenging questions and cover a wide set of fields from backups to AD security to MFA. [..] Most organizations can say they have some of these strategies in place, but rarely can they tick every box. [..] Failing to invest might mean denial of cyber-insurance coverage or significantly more expensive premiums.”

So what? As my recent example of a Hiscox insurance application form demonstrated, insurers are no longer blindly providing cover to all applicants. Insurers can see the costs of attacks, and they can see the cost effectiveness of security measures like Multi-Factor Authentication and backups. Risk transfer is becoming a more expensive risk management strategy. The business case for risk mitigation (i.e. actually implementing pragmatic security defences) just got stronger.


1 – Going on a BOOKING.COM holiday? Watch out for the phish.

“The attackers’ message, sent to the guests via the platform and also by email from, contains a link that leads victims to a meticulously crafted phishing site”.

This is according to a report by Perception Point. This article was recently shared by Liam Halpin who has helped us all by telling us how he experienced the scam first-hand. The scam starts when a hotel’s account gets taken over by a cyber criminal. “With the official account in their hands, malicious actors access sensitive customer data: full names, booking dates, hotel details, and partial payment methods used to make the reservations on the platform. [..] Using the harvested data, attackers craft individualized messages [that are then sent within the app’s chat function and as an email from the genuine service]. These messages are designed with precision, using social engineering techniques to create a sense of urgency. Victims are informed that they need to provide their credit card details again as a verification “test,” with the threat of their booking being canceled within 24 hours looming, if they fail to comply.” Once victims enter their card details, the cyber criminals have their pay day.

So what? If your cyber security training only focuses on the threat from phishing emails, it’s time to widen the net. (pun intended!)