The world’s biggest bank had to trade via USB stick after attack

The extent of the disruption wasn’t immediately clear, though Treasury market participants reported liquidity was affected. The Securities Industry and Financial Markets Association, or Sifma, held calls with members about the matter Thursday.

ICBC FS offers fixed-income clearing, Treasuries repo lending and some equities securities lending. The unit had $US23.5 billion ($37 billion) of assets at the end of 2022, according to its most recent annual filing with US regulators.

The attack is only the latest to snarl parts of the global financial system. Eight months ago, ION Trading UK — a little-known company that serves derivatives traders worldwide — was hit by a ransomware attack that paralysed markets and forced trading shops that clear hundreds of billions of dollars of transactions a day to process deals manually. That has put financial institutions on high alert.

ICBC, the world’s largest lender by assets, has said it’s been improving its cybersecurity in recent months, highlighting increased challenges from potential attacks amid the expansion of online transactions, adoption of new technologies and open banking.

Loading

“The bank actively responded to new challenges of financial cybersecurity, adhered to the bottom line for production safety and deepened the intelligent transformation of operation and maintenance,” ICBC said in its interim report in September.

Ransomware attacks against Chinese firms appear rare in part because China has banned crypto-related transactions, according to Mattias Wåhlén, a threat intelligence specialist at Truesec. That makes it harder for victims to pay ransom, which is often demanded in cryptocurrency because that form of payment provides more anonymity.

But the latest attack likely exposes weaknesses in ICBC’s defences, Wåhlén said.

“It appears ICBC has had a less effective security,” he said, “possibly because Chinese banks have not been tested as much as their Western counterparts in the past.”

Record levels

Ransomware hackers have become so prolific that attacks may hit record levels this year.

Blockchain analytics firm Chainalysis had recorded roughly $US500 million of ransomware payments through the end of September, an increase of almost 50 per cent from the same period a year earlier. Ransomware attacks surged 95 per cent in the first three quarters of this year, compared with the same period in 2022, according to Corvus Insurance.

‘This is a true shock to large banks around the world. The ICBC hack will make large banks around the globe race to improve their defences, starting today.’

Marcus Murray, the founder of Swedish cybersecurity firm Truesec

In 2020, the website of the New Zealand Stock Exchange was hit by a cyberattack that throttled traffic so severely that it couldn’t post critical market announcements, forcing the entire operation to shut down. It was later revealed that more than 100 banks, exchanges, insurers and other financial firms worldwide were targets of the same type of so-called DDoS attacks simultaneously.

Caesars Entertainment, MGM Resorts International and Clorox are among companies that have been hit by ransomware hackers in recent months.

ICBC was struck as the Securities and Exchange Commission works to reduce risks in the financial system with a raft of proposals that include mandating central clearing of all US Treasuries. Central clearing platforms are intermediaries between buyers and sellers that assume responsibility for completing transactions and therefore prevent a default of one counterparty from causing widespread problems in the marketplace.

Loading

The incident underscores the benefits of central clearing in the $US26 trillion market, said Stanford University finance professor Darrell Duffie.

“I view it as one example of why central clearing in the US Treasuries market is a very good idea,” he said, “because had a similar problem occurred in a not-clearing firm, it’s not clear how the default risk that might result would propagate through the market.”