Breaking News Crypto News

World’s Biggest Bank Has to Trade Via USB Stick After Hack, China’s biggest lender ICBC hit by ransomware attack

November 10, 2023
Main Stream News Reporter

  • Incident caused ICBC’s clients to reroute some Treasury trades
  • ‘A true shock to banks around the world,’ Truesec founder says
  • On Thursday, trades handled by the world’s largest bank in the globe’s biggest market traversed Manhattan on a USB stick.

  • Banks are currently unable to see who they loaned money to for mortgages.

  • Banks reply upon this information to sell other loans against it, the entire house of cards is about to collapse.

  • The bottom card just got pulled out.

  • This Hack Mimics Mr Robot Story-line.

On Thursday, trades handled by the world’s largest bank in the globe’s biggest market traversed Manhattan on a USB stick.

Industrial & Commercial Bank of China Ltd.’s US unit had been hit by a cyberattack, rendering it unable to clear swathes of US Treasury trades after entities responsible for settling the transactions swiftly disconnected from the stricken systems. That forced ICBC to send the required settlement details to those parties by a messenger carrying a thumb drive as the state-owned lender raced to limit the damage.

ICBC Financial Services, the U.S. unit of China’s largest commercial lender by assets, said it was investigating the attack that disrupted some of its systems, and making progress toward recovering from it.
China’s foreign ministry said on Friday the lender is striving to minimise risk impact and losses after the attack.
“ICBC has been closely monitoring the matter and has done its best in emergency response and supervisory communication,” ministry spokesperson Wang Wenbin told a regular news conference.
Wang added businesses remained normal at ICBC head office and other branches and subsidiaries across the globe.
Hackers lock up a victim organisation’s systems in such attacks and demand ransom for unlocking it, often also stealing sensitive data for extortion.
Several ransomware experts and analysts said an aggressive cybercrime gang named Lockbit was believed to be behind the hack, although the gang’s dark web site where it typically posts names of its victims did not mention ICBC as a victim as of Thursday evening. Lockbit did not respond to a request for comment sent via a contact address posted on its site.
“We don’t often see a bank this large get hit with this disruptive of a ransomware attack,” said Allan Liska, a ransomware expert at the cybersecurity firm Recorded Future.
Liska, who also believes Lockbit was behind the hack, said ransomware gangs may not name and shame their victims when they are negotiating with them.
“This attack continues a trend of increasing brazenness by ransomware groups,” he said. “With no fear of repercussions, ransomware groups feel no target is off limits.”
U.S. authorities have struggled to curb a rash of cybercrime, chiefly ransomware attacks, which hit hundreds of companies in nearly every industry each year. Just last week U.S. officials said they were working on curtailing the funding routes of ransomware gangs by improving information-sharing on such criminals across a 40-country alliance.
The ICBC did not comment on whether Lockbit was behind the hack. It is common for targets to refrain from publicly disclosing the names of cybercrime gangs.
Since Lockbit was discovered in 2020, the group has hit 1,700 U.S. organizations, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Last month it threatened Boeing with a leak of sensitive data.
A CISA spokesperson referred questions about the ICBC hack to the U.S. Treasury Department.
While market sources said the impact of the hack appeared limited, it signalled how vulnerable systems at large organizations such as the bank continue to be. Thursday’s incident is likely to raise questions over market participants’ cybersecurity controls and draw regulatory scrutiny.

TRADES CLEARED

ICBC said it had successfully cleared Treasury trades executed on Wednesday and repurchase agreements (repo) financing trades done on Thursday.
“In general, the event had a limited impact on the market,” said Scott Skrym, executive vice president for fixed income and repo at broker-dealer Curvature Securities.
Some market participants said trades going through ICBC were not settled due to the attack and affected market liquidity. It was not clear whether this contributed to the weak outcome of a 30-year bond auction on Thursday.
“There could have been maybe some technical issues with some participants not being able to access the market fully on the day,” said Michael Gladchun, associate portfolio manager, core plus fixed income, at Loomis Sayles.
The Financial Times reported earlier on Thursday that the U.S. Securities Industry and Financial Markets Association (SIFMA) told members that ICBC (601398.SS) had been hit by ransomware that disrupted the U.S. Treasury market by preventing it from settling trades on behalf of other market players.
“We are aware of the cybersecurity issue and are in regular contact with key financial sector participants, in addition to federal regulators. We continue to monitor the situation,” a Treasury spokesperson said in a response to a question about the FT report. SIFMA declined to comment.
The Treasury market appeared to be functioning normally on Thursday, according to LSEG data.
There has also  been a TOTAL MEDIA BLACKOUT on this story since October 31st 2023.

 

Leave a Reply