Filtered By: Scitech
SciTech

ICBC ransomware attack triggers global regulator, trader scrutiny


ICBC ransomware attack triggers global regulator, trader scrutiny

LONDON/NEW YORK - Global regulators on Friday were monitoring the impact of a ransomware attack on the Industrial and Commercial Bank of China (ICBC), China's biggest bank, as traders assessed trading disruption in the vital U.S. Treasuries market.

ICBC's U.S. arm was hit on Thursday in the latest of a string of ransomware attacks this year that have targeted companies around the world.

"These cyberattacks are scary," said Jack McIntyre, a fixed income portfolio manager at Brandywine. "The good news would be that I guarantee you primary dealers are having (a) discussion to make sure this cannot happen to them. I'm sure everybody's doing a deep dive on their security systems."

Primary dealers, which include the largest Wall Street banks, act as counterparties to the Federal Reserve in open market operations as part of implementing U.S. monetary policy. When the U.S. Treasury issues new securities, primary dealers handle the purchases on behalf of the Fed, which acts as the seller.

Several primary dealers did not immediately respond to requests for comment.

China's foreign ministry said on Friday that ICBC was trying to minimize the risk impact and losses after the attack, which several experts blamed on hacking group Lockbit.

"Yes we confirm," a Lockbit representative said on Friday, without elaborating, in response to a request for comment.

Lockbit ransomware, first seen on Russian-language-based cybercrime forums in January 2020, is the most deployed ransomware across the world, hitting 1,700 U.S. organizations, according to the U.S. Cybersecurity and Infrastructure Security Agency.

Business remains normal at ICBC's head office, branches and subsidiaries across the globe, China's foreign ministry spokesperson Wang Wenbin told a regular news conference.

"ICBC has been closely monitoring the matter and has done its best in emergency response and supervisory communication."

Britain's Financial Conduct Authority said it was "communicating with the relevant U.S. and UK authorities and firms to identify any impacts to UK financial services."

In the U.S., the Financial Industry Regulatory Authority said it is monitoring any impact on firms and customers and is closely working with other regulators. The U.S. Securities and Exchange Commission continues to monitor markets with a "focus on maintaining fair and orderly markets," a spokesperson said.

The Federal Reserve Bank of New York declined to comment.

Some market participants said trades going through ICBC were not settled due to the incident and that market liquidity had been affected. It was unclear whether this contributed to the weak outcome of a 30-year bond auction on Thursday.

Investors and traders found it hard to assess how much it impacted the market on Thursday, when bond markets were selling off after comments from Federal Reserve Chair Jerome Powell.

Even if the impact seemed limited, the attack underlined how systems at large organizations remain vulnerable, they added.

"A source of liquidity in the market dried out for an extended period of time," said Jan Nevruzi, U.S. rates strategist at NatWest Markets, noting that the attack lowered inter-dealer broker volumes and hurt the auction.

"Today people have found contingencies and alternatives because a certain amount of time has passed since then. I imagine there's still some market liquidity impairment."

One fixed income manager at an asset management firm in Europe said some illiquidity could be blamed on the U.S. Treasury inter-dealer broker market around the time of the hack and post-auction.

ICBC said it had successfully cleared Treasury trades executed on Wednesday and repurchase agreements (repo) financing trades on Thursday.

ICBC's Hong Kong-listed shares ended Friday down 0.8%, compared to a 1.13% drop in a Hong Kong index of mainland Chinese banks. Its Shanghai-listed shares closed flat.  — Reuters

Tags: ransomware, ICBC