The Industrial & Commercial Bank of China Ltd.’s US unit, the world’s largest bank, fell victim to a cyberattack that disrupted its ability to clear US Treasury trades. The attack, believed to be carried out by the Lockbit criminal gang with ties to Russia, caused the bank to resort to a manual workaround by sending settlement details on a USB stick carried by a messenger. This incident highlights the vulnerability of the financial system to cyberattacks and has prompted calls for increased vigilance from bank leaders and regulators.
The attack on ICBC follows previous cyberattacks by Lockbit on companies such as Boeing, ION Trading UK, and the UK’s Royal Mail. The immediate disruption caused market-makers, brokerages, and banks to reroute trades, with uncertainty surrounding when access would be restored.
Marcus Murray, the founder of cybersecurity firm Truesec, described the ICBC hack as a wake-up call for large banks worldwide, urging them to improve their defenses. In response to the attack, ICBC’s Beijing headquarters held urgent meetings with its US division and notified regulators. The bank is also considering seeking assistance from China’s Ministry of State Security to mitigate the risks of potential attacks on other units.
ICBC confirmed that it experienced a ransomware attack that disrupted some systems at its ICBC Financial Services unit. However, the bank assured that its head office, overseas units, and New York branch were not affected. ICBC FS offers fixed-income clearing, Treasuries repo lending, and equities securities lending.
This cyberattack is the latest in a series of incidents that have disrupted the global financial system. Earlier this year, ION Trading UK, a company serving derivatives traders, suffered a ransomware attack that paralyzed markets and forced manual processing of transactions. Such attacks have put financial institutions on high alert.
ICBC has been working on improving its cybersecurity in recent months, recognizing the increasing challenges posed by online transactions, new technologies, and open banking. Ransomware attacks against Chinese firms have been relatively rare due to China’s ban on crypto-related transactions, which makes it harder for victims to pay ransoms demanded in cryptocurrency.
However, this attack has exposed weaknesses in ICBC’s defenses, suggesting that Chinese banks may not have faced as many tests as their Western counterparts in the past. Ransomware attacks have been on the rise globally, with an almost 50% increase in ransomware payments recorded by Chainalysis and a 95% surge in attacks in the first three quarters of this year compared to 2020.
The incident at ICBC highlights the benefits of central clearing in the financial system, particularly in the $26 trillion US Treasuries market. Central clearing platforms act as intermediaries between buyers and sellers, assuming responsibility for completing transactions and preventing the propagation of default risks throughout the market.
As the financial industry grapples with the increasing threat of cyberattacks, it is crucial for banks and regulators to prioritize cybersecurity measures and remain vigilant in protecting the integrity of the global financial system.
