Last Thursday, the world’s largest bank managed trades in the biggest market using a USB stick.
The US unit of the Industrial & Commercial Bank of China (ICBC) faced a cyberattack, leaving it unable to process a significant portion of US Treasury trades.
The entities responsible for settling these transactions promptly disconnected from the affected systems. As a result, a disruption occurred in the clearing of a large volume of trades.
In response, ICBC had to send settlement details to involved parties using a messenger with a thumb drive.
The state-owned lender hurried to contain the damage caused by the cyberattack.
Late Thursday, the bank confirmed it had encountered a ransomware attack the day before, disrupting some systems at its ICBC Financial Services unit.
The company reported that it isolated the affected systems, clarifying that the bank’s head office and other overseas units were not impacted. Additionally, ICBC’s New York branch remained unaffected.
ICBC Cyberattack fallout
Following the cyberattack, market participants described a workaround. The suspected perpetrator, LockBit, a criminal gang with ties to Russia, has been linked to hits on Boeing Co., ION Trading UK, and the UK’s Royal Mail.
The strike caused instant disruption as market-makers, brokerages, and banks had to redirect trades.
Many were uncertain about when access would be restored.
This incident highlights a concern that keeps bank leaders awake at night – the possibility of a cyberattack crippling a crucial part of the financial system’s infrastructure, triggering a chain reaction of disruptions.
Even brief episodes prompt bank leaders and their government overseers to advocate for increased vigilance.
“This is a genuine shock to large banks worldwide,” stated Marcus Murray, founder of the Swedish cybersecurity firm Truesec.
“The ICBC hack will prompt large banks globally to enhance their defenses, starting today,” said Truesec.
ICBC responds strategically: Cyberattack mitigation measures and Government collaboration
As details of the attack surfaced, employees at the bank’s Beijing headquarters convened urgent meetings with the lender’s US division.
They promptly notified regulators while discussing the next steps and assessing the impact, as reported by a person familiar with the matter.
In light of the potential risks of further attacks on other units, ICBC is contemplating seeking assistance from China’s Ministry of State Security, according to the same source.
During a regular briefing on Friday in Beijing, Wang Wenbin, a spokesman for the Chinese Foreign Ministry, stated, “ICBC is closely monitoring the cyberattack and will implement emergency response measures.”
Wang mentioned that the bank will undertake appropriate supervision and communication measures to minimize the risks, impact, and losses.
ICBC cyberattack impact on Treasury Markets and beyond
The full extent of the disruption wasn’t immediately clear, but participants in the Treasury market reported that liquidity was affected.
The Securities Industry and Financial Markets Association (SIFMA) conducted calls with its members to address the matter.
ICBC Financial Services (ICBC FS) provides services such as fixed-income clearing, Treasuries repo lending, and certain equities securities lending.
According to its latest annual filing with US regulators, the unit had $23.5 billion of assets at the end of 2022.
This attack is the latest incident to disrupt portions of the global financial system.
Rising threats of cyberattacks and global financial vulnerabilities
ICBC, the world’s largest lender by assets, has acknowledged enhancing its cybersecurity in recent months.
The bank emphasized the growing challenges posed by potential attacks, particularly with the expansion of online transactions, the adoption of new technologies, and the trend toward open banking.
In its interim report in September, ICBC stated that the bank actively responded to new challenges of financial cybersecurity.
Still, the bank could not stop the cyberattack. Defense mechanisms reduce the risk but do not make systems fully secure against cyberattacks.
Ransomware attacks against Chinese firms seem uncommon, partly due to China’s ban on crypto-related transactions, as noted by Mattias Wåhlén, a threat intelligence specialist at Truesec.
The ban makes it more challenging for victims to pay, since ransom is often demanded in cryptocurrency, which offers greater anonymity in such transactions.
Reportedly, eight months ago, ION Trading UK, a relatively unknown company serving derivatives traders globally, experienced a ransomware attack.
This incident paralyzed markets, compelling trading shops that handle hundreds of billions of dollars in transactions daily to process deals manually.
These incidents have put financial institutions on high alert.