Last Updated on:
In a historic turn of events on Thursday, the world’s largest bank, Industrial & Commercial Bank of China Ltd. (ICBC), was compelled to trade in the global market using a USB stick following a cyberattack on its US unit. The attack, attributed to the notorious Lockbit criminal gang with ties to Russia, disrupted ICBC’s ability to clear substantial volumes of US Treasury trades, prompting a swift response to contain the fallout.
The cyber incident forced ICBC to resort to a workaround, with settlement details for affected trades delivered via a messenger carrying a thumb drive. Market participants were left scrambling as the attack, connected to previous hits on Boeing Co., ION Trading UK, and the UK’s Royal Mail, triggered widespread rerouting of trades, leaving uncertainty about when normal access would be restored.
The breach highlights a looming threat that financial leaders fear—a potential cyber attack capable of paralyzing a crucial component of the financial system. Even brief disruptions prompt calls for increased vigilance from both banking leaders and government overseers.
Marcus Murray, founder of Swedish cybersecurity firm Truesec, commented on the significance of the event, stating, “This is a true shock to large banks around the world. The ICBC hack will make large banks around the globe race to improve their defenses, starting today.”
As details of the attack unfolded, urgent meetings were held between employees at ICBC’s Beijing headquarters and the bank’s US division. The incident, identified as a ransomware attack by suspected perpetrator Lockbit, prompted discussions on next steps and assessments of the impact. ICBC is reportedly considering seeking assistance from China’s Ministry of State Security due to the potential risk of attacks on other units.
ICBC later confirmed the ransomware attack, acknowledging disruption to some systems at its ICBC Financial Services unit. The bank assured that its head office and other overseas units, as well as the New York branch, remained unaffected.
While the full extent of the disruption remains unclear, participants in the Treasury market reported a noticeable impact on liquidity. The Securities Industry and Financial Markets Association (Sifma) held calls with its members to address the matter.
ICBC Financial Services, specializing in fixed-income clearing, Treasuries repo lending, and equities securities lending, had $23.5 billion in assets at the end of 2022, according to its most recent filing with US regulators.
This incident follows a trend of cyberattacks targeting the global financial system, with ION Trading UK facing a similar ransomware attack eight months ago, causing market paralysis and manual processing of transactions by clearing entities.
ICBC, the world’s largest lender by assets, has emphasized improvements in its cybersecurity in recent months. The attack raises questions about the effectiveness of ICBC’s security measures, with experts suggesting that Chinese banks may face less testing compared to their Western counterparts.
Ransomware attacks have surged globally, with predictions of record levels in the current year. The incident involving ICBC underscores the ongoing efforts by hackers to target major corporations and financial institutions, heightening concerns about the vulnerability of critical systems.
As the Securities and Exchange Commission works to mitigate risks in the financial system, ICBC’s cyber incident underscores the potential advantages of central clearing in the $26 trillion US Treasuries market. Stanford University finance professor Darrell Duffie remarked, “I view it as one example of why central clearing in the US Treasuries market is a very good idea.”
The aftermath of the cyberattack leaves the financial industry grappling with the implications of this unprecedented event and reinforces the need for robust cybersecurity measures in an increasingly digitized world.