Regulators, governments try to assess fallout as suspected Russian cyberattack creates mayhem
The world's biggest bank is facing a unique challenge in the largest market on the planet after being forced to resort to moving trades across Manhattan using a physical USB drive.
The American branch of Industrial & Commercial Bank of China Ltd (ICBC)., the largest bank by assets globally, has been hit by a significant cyberattack. The incident left it reeling as it has tried to process numerous US Treasury trades. The entities in charge of settling these trades quickly severed their connections with the compromised systems. ICBC is the only Chinese broker with a securities trading license in the US.
As a result, ICBC has had to resort to an unconventional method: sending the necessary settlement information via a courier with a USB stick, in a frantic effort to mitigate the fallout.
Market insiders revealed that this makeshift solution was necessitated by an attack attributed to Lockbit, a notorious criminal group believed to have connections in Russia. This group is also suspected of targeting other major entities like Boeing Co., ION Trading UK, and the UK's Royal Mail. The attack on ICBC caused immediate turmoil, disrupting the usual flow of trades and leaving many in the dark about when normal operations would resume. Giant UK law firm Allen & Overy is also reported to be suffering today from an attack by the same group. “As a matter of priority, we are assessing exactly what data has been impacted, and we are informing affected clients,” a spokesperson told the Financials Times.
The incident has shone a light on a fear that haunts banking executives - the threat of a cyberattack that could potentially bring a critical segment of the financial infrastructure to its knees, triggering widespread disturbances. Even short-lived disruptions like this one prompt calls for increased vigilance from bank leaders and regulatory bodies. China’s foreign ministry announced that it was trying to mitigate risk and losses earlier today, while Britain's Financial Conduct Authority said it was "communicating with the relevant U.S. and UK authorities and firms to identify any impacts to UK financial services".
Marcus Murray, founder of the Swedish cybersecurity firm Truesec, told Bloomberg, “This is a true shock to large banks around the world,” emphasizing the urgency for banks globally to bolster their cyber defenses in response to the ICBC incident.
In Beijing, the headquarters of ICBC held emergency meetings with their US division, notifying regulators and deliberating on the next steps and the overall impact of the attack. There's talk of ICBC seeking assistance from China's Ministry of State Security, given the risk of similar attacks on other branches. "ICBC has been closely monitoring the matter and has done its best in emergency response and supervisory communication," China's foreign ministry spokesperson Wang Wenbin said.
ICBC confirmed the ransomware attack on its ICBC Financial Services unit the previous day, which disrupted some of its systems. The bank isolated the affected systems, ensuring that its main office and other international branches, including the New York branch, remained unaffected.
The full extent of the disruption remains unclear, but it has reportedly affected liquidity in the Treasury market. The Securities Industry and Financial Markets Association (Sifma) conducted discussions with its members regarding the issue. It is not apparent whether the attack contributed to the weak outcome of yesterday’s 30-year bond auction.
ICBC FS, known for its services in fixed-income clearing, Treasuries repo lending, and some equities securities lending, reported assets of $23.5 billion at the end of 2022, as per its latest annual filing with US regulators.
This attack is part of a growing trend of cyber incidents affecting the global financial system. For instance, eight months prior, ION Trading UK, a key player in derivatives trading, was hit by a ransomware attack that disrupted markets and forced manual processing of transactions worth hundreds of billions of dollars. This has put financial institutions on high alert.
ICBC has been focusing on enhancing its cybersecurity, especially in light of the increasing challenges posed by online transactions, the adoption of new technologies, and the concept of open banking. The bank's interim report in September stated: “The bank actively responded to new challenges of financial cybersecurity, adhered to the bottom line for production safety and deepened the intelligent transformation of operation and maintenance.”
In 2020, a cyberattack on the New Zealand Stock Exchange's website caused such severe traffic congestion that it had to shut down. This attack was part of a larger campaign targeting over 100 financial institutions worldwide with similar Distributed Denial of Service (DDoS) attacks.
Recent months have seen companies like Caesars Entertainment Inc., MGM Resorts International, and Clorox Co. fall victim to ransomware hackers.
The ICBC incident comes as the Securities and Exchange Commission (SEC) is working to mitigate risks in the financial system, including proposals for mandatory central clearing of all US Treasuries. Central clearing platforms, acting as intermediaries in transactions, can prevent a single counterparty's default from causing broader market issues.
Stanford University finance professor Darrell Duffie told Bloomberg that the attack served as a testament to the benefits of central clearing in the $26 trillion market. He remarked, “I view it as one example of why central clearing in the US Treasuries market is a very good idea,” highlighting the potential risks of default in non-clearing firms and their impact on the market.
