This will surely be the largest story for some time following one of the largest trading banks being frozen by a malware attack. Bank employees carrying trades on a USB stick to share with their trading partners.
Operational impacts of the USB workaround are complex and introduce different risks
Even that activity introduces a whole new set of issues when employees from ICB appear on the doorstep of Bank B with a USB. First question .. which computer in Bank B has a computer that can be trusted to accept the USB? Does Bank B even have an available USB port?
The implications are far reaching. For too long malware has been treated as a risk to be mitigated with the potential to offset the attack by deft media handling and spending some money.
This is not a geopolitical issue; it is a far reaching criminal issue. Bad actors, in this case Russian will realise the power they wield and the effect will be far reaching.
Is this a manageable risk
This situation brings the reality home when the entire business model is brought to its knees and worse 100% of other market trading participants are directly or indirectly affected.
There are mitigations which can be introduced but they are not simple deployments.
The winning banks will deploy Zero Trust authentication for all employees. No employee should ever know the password details that provide access to systems.
We do not know yet how Lockbit got in but it is likely as simple as a junior Application Manager introducing the malware via an email link which was believed to be innocent. However Lockbit got in, Zero Trust and associated tools would prohibit such access.
Banks must get used to the concept of bad actors being live in their network. Think about that.
Expect more to come on this and the lessons to be learned.
The workaround — described by market participants — followed the attack by suspected perpetrator Lockbit, a prolific criminal gang with ties to Russia that has also been linked to hits on Boeing Co., ION Trading UK and the UK’s Royal Mail. The strike caused immediate disruption as market-makers, brokerages and banks were forced to reroute trades, with many uncertain when access would resume.
Impact of the attack – Bloomberg
On Thursday, trades handled by the world’s largest bank in the globe’s biggest market traversed Manhattan on a USB stick.
Industrial & Commercial Bank of China Ltd.’s US unit had been hit by a cyberattack, rendering it unable to clear swathes of US Treasury trades after entities responsible for settling the transactions swiftly disconnected from the stricken systems. That forced ICBC to send the required settlement details to those parties by a messenger carrying a thumb drive as the state-owned lender raced to limit the damage.
Tags #ICB #USB-trading #ransomeware #malware #Cybersecuruty #Cybersecuruty-failure
Bankwatch 