The U.S. unit of the Industrial & Commercial Bank of China (ICBC) was hit by a cyberattack on Thursday, making it unable to clear swathes of US Treasury trades after entities responsible for settling the transactions swiftly disconnected from the affected systems.
The development, according to Bloomberg’s report, forced ICBC to send the required settlement details to those parties by a messenger carrying a thumb drive as the state-owned lender raced to limit the damage.
The attack was suspected to have been perpetrated by Lockbit, a prolific criminal gang with ties to Russia that has also been linked to hits on Boeing Co., ION Trading UK, and the UK’s Royal Mail.
The strike caused immediate disruption as market-makers, brokerages, and banks were forced to reroute trades, with many uncertain when access would resume. The U.S. unit of ICBC reported $23.5 billion of assets at the end of 2022 according to its most recent annual filing with US regulators.
ICBC confirmed the attack
According to Bloomberg, ICBC late Thursday confirmed it had experienced a ransomware attack a day earlier that disrupted some systems at its ICBC Financial Services unit.
The company said it isolated the affected systems and that those at the bank’s head office and other overseas units weren’t impacted, nor was ICBC’s New York branch.
As details of the attack emerged, employees at the bank’s Beijing headquarters were reported to have held urgent meetings with the lender’s US division and notified regulators as they discussed the next steps and assessed the impact, according to a person familiar with the matter. ICBC is considering seeking help from China’s Ministry of State Security in light of the risks of a potential attack on other units, a source told Bloomberg.
Warning to Nigerian financial institutions
The attack on the world’s biggest bank came as a strong warning to financial institutions in Nigeria to double up their security architecture. Already, commercial banks and fintechs have been recording billions of losses to hackers in recent times.
Nairametrics recently reported that 3 fintechs have lost over N5 billion to hackers in the first 8 months of this year as cases of hacks and frauds increase within the ecosystem.
While there are many more incidences involving undisclosed amounts running into billions, it was gathered that the situation is getting more complicated as some of the heists had members of staff of the fintechs involved.
Commercial banks are also losing money to hacks and frauds even though many are kept secret. In its Q2 2023 Fraud and Forgeries report, FITC revealed that commercial banks in Nigeria lost a total of N5.79 billion to fraud activities in the quarter.
This amount represented a 1,125.03% increase in losses when compared with the N472 million lost in Q1 2023.
Recent cyberattacks on global companies
Eight months ago, ION Trading UK a little-known company that serves derivatives traders worldwide was hit by a ransomware attack that paralyzed markets and forced trading shops that clear hundreds of billions of dollars of transactions a day to process deals manually. That has put financial institutions on high alert.
Blockchain analytics firm Chainalysis had recorded roughly $500 million of ransomware payments through the end of September, an increase of almost 50% from the same period a year earlier.
Ransomware attacks surged 95% in the first three quarters of this year, compared with the same period in 2022, according to Corvus Insurance.
In 2020, the website of the New Zealand Stock Exchange was hit by a cyberattack that throttled traffic so severely that it couldn’t post critical market announcements, forcing the entire operation to shut down.
It was later revealed that more than 100 banks, exchanges, insurers and other financial firms worldwide were targets of the same type of so-called DDoS attacks simultaneously.