Ransomware attack on China’s Biggest Bank may have hit US Treasury Market. A quick analysis based on information available in public forums

A suspected Lockbit ransomware attack hit the International & Commercial Bank of China (ICBC) US unit and disrupted US Treasury trades on Thursday, 09 Nov 2023. As per reports, the Bank’s head office in Beijing and its other overseas units were not impacted. However, the Lockbit ransomware gang's dark web site, where it typically posts the names of its victims, did not mention ICBC as a victim as of Thursday evening. Lockbit did not respond to a request for comment sent via a contact address posted on its site.

Impact in brief:

· Some systems of the ICBC Financial Services unit in the US were disrupted.

· US Treasury trades were impacted.

· The cyber incident caused immediate disruptions – banks and brokerages were forced to re-route trades, while uncertainty prevailed over when access would be restored.

· Normal online transactions came to a halt.

· Online submission of trade settlement details was denied.

· The extent of the disruptions was not immediately clear.

· Treasury market participants reported that liquidity was affected.

The cyber security posture of ICBC, the world’s largest lender by assets, has been improving in recent times as it adopts newer technologies and open banking. The Bank actively and effectively responded to the financial cybersecurity incident (crisis), following industry best practices of cybersecurity incident crisis management and business continuity.

Mature cyber resiliency practices enabled the ICBC Financial Services unit to take the following immediate steps during the crisis to limit the damage, as last reported:

· Entities responsible for transactions of US Treasury trades swiftly disconnected from the systems impacted by the ransomware attack.

· ICBC adopted a manual system, sending a special human courier with US Treasury trade transaction and settlement details on a “USB stick”.

· ICBC Headquarters, Beijing swung into action, holding urgent meetings with the ICBC US unit, and notified the regulators.

· ICBC Headquarters, Beijing and the ICBC Financial Services US unit jointly started assessing the extent of the damage and planning the next steps to identify, control, mitigate and remediate.

· ICBC Headquarters, Beijing reached out to China’s Ministry of State Security to prevent possible escalation of the ransomware attacks to the other units of the Bank.

· The Bank geared up for a possible scenario of manually clearing deals comprising hundreds of billions of dollars of transactions per day.

· External / media communication: ICBC Financial Services said in a statement that a ransomware attack resulted in disruption to certain systems and that it was investigating and "progressing its recovery efforts." It had successfully cleared Treasury trades executed on Wednesday (08 Nov) and repurchase agreement (repo) financing trades done on Thursday (09 Nov).

Action by the Regulator: The Financial Times reported earlier on Thursday (09 Nov) that the US Securities Industry and Financial Markets Association (SIFMA) told members that ICBC had been hit by ransomware that disrupted the US Treasury market by preventing it from settling trades on behalf of other market players. Official communication: "We are aware of the cybersecurity issue and are in regular contact with key financial sector participants, in addition to federal regulators. We continue to monitor the situation."

Possible dent to the business reputation of the ICBC Financial Services unit, US, from the market participants' perspective:

· The incident is likely to raise questions over market participant ICBC’s cyber security controls and potentially draw regulatory scrutiny.

· There may have been some technical issues, with some participants not being able to access the market fully on the day.

· Panic sets in: Some market participants said trades going through ICBC, China's largest commercial lender by assets, were not settled due to the attack and this affected market liquidity. "We don’t often see a bank this large get hit with this disruptive of a ransomware attack," said Allan Liska, a ransomware expert at the cybersecurity firm Recorded Future.

· Rumours galore: It was not clear whether this (market liquidity disruptions) contributed to the weak outcome of a 30-year bond auction on Thursday (09 Nov).

Ransomware negotiations and payments? No confirmation yet, but there are some signals to pick up from published reports. Quite obviously, this is not meant for public consumption.

· Ransomware gangs may not name and shame their victims while they are negotiating with them on the ransom demand.

· ICBC did not comment on whether Lockbit was behind the hack. It is common for victim organizations to refrain from publicly disclosing the names of cybercrime gangs while ransom negotiations are possibly under way.

Takeaways: This incident of a ransomware attack on China’s biggest bank hitting the US Treasury market, and the follow-up actions (cyber incident response and possible recovery), displays effective cyber resiliency. This surely is an outcome of building a culture of flexible incident response and business continuity practices, one for other organizations to emulate.

References:

Article published on Mint Lounge dated 11 Nov 2023

https://www.deccanherald.com/business/ransomware-attack-on-worlds-biggest-bank-disrupts-treasury-trade-markets-2765265

https://www.msn.com/en-ca/money/topstories/chinas-biggest-lender-icbc-hit-by-ransomware-attack/ar-AA1jGyio?


Prabir Sen

Bridging TRUST & ASSURANCE between Cybersecurity Innovators & Potential Adopters (Early-Movers) to improve Cyber Defense posture

1 year ago

Further update: China's Industrial and Commercial Bank (ICBC) paid a ransom says representative of Lockbit ransomware gang. Read more at: https://timesofindia.indiatimes.com/articleshow/105201249.cms?from=mdr&utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst
