Add articles to your saved list and come back to them any time.<\/p>\n
Last week, trades handled by the world\u2019s largest bank in the globe\u2019s biggest market traversed Manhattan on a USB stick.<\/p>\n
Industrial & Commercial Bank of China Ltd.\u2019s US unit had been hit by a cyberattack, rendering it unable to clear swathes of US Treasury trades after entities responsible for settling the transactions swiftly disconnected from the stricken systems. That forced ICBC to send the required settlement details to those parties by a messenger carrying a thumb drive as the state-owned lender raced to limit the damage.<\/p>\n
<\/p>\n
The strike against Industrial & Commercial Bank of China\u2019s US unit caused immediate disruption as market-makers, brokerages and banks were forced to reroute trades, with many uncertain when access would resume.<\/span>Credit: <\/span>Bloomberg<\/cite><\/p>\n The workaround \u2014 described by market participants \u2014 followed the attack by suspected perpetrator Lockbit, a prolific criminal gang with ties to Russia that has also been linked to hits on Boeing Co., ION Trading UK and the UK\u2019s Royal Mail. The strike caused immediate disruption as market-makers, brokerages and banks were forced to reroute trades, with many uncertain when access would resume.<\/p>\n The incident spotlights a danger that bank leaders concede keeps them up at night \u2014 the prospect of a cyberattack that could someday cripple a key piece of the financial system\u2019s wiring, setting off a cascade of disruptions. Even brief episodes prompt bank leaders and their government overseers to call for more vigilance.<\/p>\n \u201cThis is a true shock to large banks around the world,\u201d said Marcus Murray, the founder of Swedish cybersecurity firm Truesec. \u201cThe ICBC hack will make large banks around the globe race to improve their defences, starting today.\u201d<\/p>\n As details of the attack emerged, employees at the bank\u2019s Beijing headquarters held urgent meetings with the lender\u2019s US division and notified regulators as they discussed next steps and assessed the impact, according to a person familiar with the matter. ICBC is considering seeking help from China\u2019s Ministry of State Security in light of the risks of potential attack on other units, the person said.<\/p>\n Late Thursday, the bank confirmed it had experienced a ransomware attack a day earlier that disrupted some systems at its ICBC Financial Services unit. The company said it isolated the affected systems and that those at the bank\u2019s head office and other overseas units weren\u2019t impacted, nor was ICBC\u2019s New York branch.<\/p>\n ICBC is closely following the cyberattack and will take \u201ceffective\u201d emergency response measures, Wang Wenbin, a spokesman for the Chinese Foreign Ministry, said at a regular briefing Friday in Beijing. The bank will engage in proper supervision and communication to minimise the risks, impact and losses, Wang said.<\/p>\n The extent of the disruption wasn\u2019t immediately clear, though Treasury market participants reported liquidity was affected. The Securities Industry and Financial Markets Association, or Sifma, held calls with members about the matter Thursday.<\/p>\n ICBC FS offers fixed-income clearing, Treasuries repo lending and some equities securities lending. The unit had $US23.5 billion ($37 billion) of assets at the end of 2022, according to its most recent annual filing with US regulators.<\/p>\n The attack forced ICBC to send settlement details by a messenger carrying a thumb drive on the streets of Manhattan as the China-owned lender raced to limit the damage.<\/span>Credit: <\/span>Bloomberg<\/cite><\/p>\n The attack is only the latest to snarl parts of the global financial system. Eight months ago, ION Trading UK \u2014 a little-known company that serves derivatives traders worldwide \u2014 was hit by a ransomware attack that paralysed markets and forced trading shops that clear hundreds of billions of dollars of transactions a day to process deals manually. That has put financial institutions on high alert.<\/p>\n ICBC, the world\u2019s largest lender by assets, has said it\u2019s been improving its cybersecurity in recent months, highlighting increased challenges from potential attacks amid the expansion of online transactions, adoption of new technologies and open banking.<\/p>\n \u201cThe bank actively responded to new challenges of financial cybersecurity, adhered to the bottom line for production safety and deepened the intelligent transformation of operation and maintenance,\u201d ICBC said in its interim report in September.<\/p>\n Ransomware attacks against Chinese firms appear rare in part because China has banned crypto-related transactions, according to Mattias W\u00e5hl\u00e9n, a threat intelligence specialist at Truesec. That makes it harder for victims to pay ransom, which is often demanded in cryptocurrency because that form of payment provides more anonymity.<\/p>\n But the latest attack likely exposes weaknesses in ICBC\u2019s defences, W\u00e5hl\u00e9n said.<\/p>\n \u201cIt appears ICBC has had a less effective security,\u201d he said, \u201cpossibly because Chinese banks have not been tested as much as their Western counterparts in the past.\u201d<\/p>\n Ransomware hackers have become so prolific that attacks may hit record levels this year.<\/p>\n Blockchain analytics firm Chainalysis had recorded roughly $US500 million of ransomware payments through the end of September, an increase of almost 50 per cent from the same period a year earlier. Ransomware attacks surged 95 per cent in the first three quarters of this year, compared with the same period in 2022, according to Corvus Insurance.<\/p>\n \u2018This is a true shock to large banks around the world. The ICBC hack will make large banks around the globe race to improve their defences, starting today.\u2019<\/p>\n In 2020, the website of the New Zealand Stock Exchange was hit by a cyberattack that throttled traffic so severely that it couldn\u2019t post critical market announcements, forcing the entire operation to shut down. It was later revealed that more than 100 banks, exchanges, insurers and other financial firms worldwide were targets of the same type of so-called DDoS attacks simultaneously.<\/p>\n Caesars Entertainment, MGM Resorts International and Clorox are among companies that have been hit by ransomware hackers in recent months.<\/p>\n ICBC was struck as the Securities and Exchange Commission works to reduce risks in the financial system with a raft of proposals that include mandating central clearing of all US Treasuries. Central clearing platforms are intermediaries between buyers and sellers that assume responsibility for completing transactions and therefore prevent a default of one counterparty from causing widespread problems in the marketplace.<\/p>\n The incident underscores the benefits of central clearing in the $US26 trillion market, said Stanford University finance professor Darrell Duffie.<\/p>\n \u201cI view it as one example of why central clearing in the US Treasuries market is a very good idea,\u201d he said, \u201cbecause had a similar problem occurred in a not-clearing firm, it\u2019s not clear how the default risk that might result would propagate through the market.\u201d<\/p>\n<\/p>\n
Record levels<\/h3>\n