All the consequences of the hacker attack on the Chinese bank ICBC

The US branch of the Chinese bank ICBC has suffered a cyber attack. The outage of some systems at the world's largest lender by assets has rattled the U.S. securities market. Global financial regulators are assessing the fallout.

A hacker attack on the US branch of the Industrial and Commercial Bank of China (ICBC) disrupted some operations in the US securities market on November 9.

In a notice appearing on its website Thursday evening, New York-based ICBC Financial Services confirmed that the company had “suffered a ransomware attack that resulted in the disruption of certain [financial services] systems” the day before. ICBC FS said in a note that the bank has started its recovery program after the attack. Ransomware is malware that blocks access to a computer by encrypting the data it contains, with the aim of obtaining a ransom from the victim in exchange for unlocking it.

According to some sources cited by Reuters, the incident also forced the institution to resort to USB sticks to communicate details and transactions to customers.

State-owned ICBC is the largest of China's "Big Four" banks and the world's largest lender in terms of assets, according to S&P Global. On Friday, China's Foreign Ministry said the bank was paying close attention to the incident. Furthermore, the Chinese institution also said that it is cooperating with law enforcement agencies.

The S&P 500, Dow and Nasdaq closed lower on Thursday. Per CNN, the outage may have contributed to a brief market sell-off on Nov. 9. As the Financial Times recalls, ICBC is the only Chinese broker with a securities clearing license in the United States. It created the business after buying Fortis Securities' prime dealer services unit in 2010.

According to confidential sources cited by the FT, the criminal gang known as LockBit was behind the attack. The latter has already claimed responsibility for the recent ransomware attack against Boeing.

All the details.

ICBC UNDER HACKER ATTACK

On November 9, some large customers of the Chinese bank were unable to complete transactions on US stocks and government bonds due to the hacker attack that knocked out ICBC FS' computer systems.

In most cases, the transactions of the bank's clients, especially hedge funds and asset managers, were completed using the platforms of other institutions, CNN reports.

The American branch of the Chinese bank admitted what happened in a statement published on its website and indicated that it intervened "immediately after discovering the incident" by disconnecting and isolating the affected systems to contain the incident.

THE POSITION OF THE CHINESE BANK

“ICBC FS has conducted an in-depth investigation – reads the statement – and is continuing its recovery efforts with the support of its professional team of cybersecurity experts. It also reported the incident to the police. We successfully liquidated trades in the U.S. Treasury market on Wednesday and repo financing trades on Thursday.”

According to the statement, the systems of ICBC headquarters and other domestic and foreign affiliated institutions were not affected by this incident, nor was ICBC's New York branch.

ACTIONS TAKEN

The Industrial and Commercial Bank of China (ICBC) "has completed emergency management and supervision in an effort to minimize the impact of risks and losses," a Chinese Foreign Ministry spokesperson told reporters on Nov. 10.

THE SOFTWARE BEHIND THE ATTACK

According to security experts and sources from the FT and Bloomberg, the attackers conducted the attack using the LockBit 3.0 software, which disables computer systems and only unlocks them upon payment of a ransom.

The US government's Cybersecurity and Infrastructure Security Agency (CISA) calls LockBit 3.0 "more modular and evasive", making it harder to detect.

LockBit is the most popular ransomware strain, accounting for about 28% of all known ransomware attacks from July 2022 to June 2023, according to data from cybersecurity firm Flashpoint.

HOSTED BY THE LOCKBIT GROUP

Furthermore, LockBit is also the name of the hacker collective behind the software of the same name. As CNBC reminds us, its business model is known as “ransomware-as-a-service”. It actually sells its malicious software to other hackers, known as affiliates, who then launch cyber attacks. The group's leader goes by the online name “LockBitSup” on dark web hacking forums.

“The group publishes primarily in Russian and English, but according to its website, the group claims to be based in the Netherlands and has no political motivations,” Flashpoint further explains in a blog post.

UNDER THE LENS OF FINANCIAL REGULATORS

“We are aware of the cybersecurity issue and are in regular contact with key players in the financial sector, as well as federal regulators. We continue to monitor the situation,” a Treasury spokesperson said.

The Securities and Exchange Commission (SEC), the US equivalent of Consob, is also aware of the incident and "continues to monitor, focusing on maintaining fair and orderly markets", a spokesperson for the authority said.

THE CONSEQUENCES FOR ICBC ACCORDING TO REUTERS

The blackout left the brokerage temporarily owing BNY Mellon $9 billion, an amount many times larger than its net worth, a measure of the resources available to promptly meet demands, Reuters notes.

When ICBC's operations stalled, it also became a problem for BNY Mellon, which is the sole settlement agent for Treasury securities, Reuters added, explaining that the bank played a crucial role in helping to resolve the problem, employing a manual process to settle transactions one by one, market participants said.

This meant that BNY was lending ICBC the cash, backed by Treasuries, according to the source. At that point, ICBC's parent company injected capital into the unit, allowing BNY to get paid, the source said.

These details and what happened next show how the ransomware attack pushed the company owned by China's largest bank to the brink, Reuters writes.

THE FINANCE EXPERT'S COMMENT

Darrell Duffie, a Stanford finance professor, told Reuters that other companies in ICBC's situation may not have enough readily available capital to deal with a large deficit and default.

“Any default that might follow an event like this, if not resolved centrally, could propagate into a chain reaction of default events,” Duffie said. “This hack makes even clearer the important financial stability benefits of broader central clearing.”

THE EFFECTS ON THE MARKETS

In a call Friday afternoon, ICBC told market participants it was working with a cybersecurity firm, called MoxFive, to create secure systems that would allow it to resume normal activity on Wall Street, the sources told Reuters. Meanwhile, the firm has asked its clients to temporarily suspend operations and settle transactions elsewhere, the sources added.

The Financial Times and Reuters quoted some market participants as saying that trades through the ICBC had been halted, which had affected market liquidity. It is unclear whether the incident contributed to the US Treasury's weak 30-year bond auction on Thursday, Reuters said.

There was a “sharp sell-off” in Treasuries after the auction, Ipek Ozkardeskaya, a senior analyst at Swissquote Bank, wrote in a Friday note to investors cited by CNN, saying yields rose for a number of different bonds.

According to Reuters, the incident serves “as a wake-up call for the financial sector and raises some concerns about the resilience of the $26 trillion Treasury bond market.”

The attack on the New York branch of the Industrial and Commercial Bank of China highlighted vulnerabilities in the Treasury market, the world's largest and most liquid, which supports asset prices around the world, notes the Financial Times.


This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/cybersecurity/tutte-le-conseguenze-dellattacco-hacker-alla-banca-cinese-icbc/ on Mon, 13 Nov 2023 13:08:06 +0000.