Cyber attacks on Fintech firms disrupt derivatives trading globally

A cyber attack on a subsidiary of Dublin-based financial technology and trading firm ION Group has disrupted transactions for dozens of major clients in both Europe and the United States, affecting the exchange-traded derivatives market, the firm and other sources said this week.

The attack, allegedly carried out by the Russia-linked LockBit ransomware group, has resulted in the trading company isolating servers and taking them offline. The company’s subsidiary ION Cleared Derivatives, which offers order management and execution services, acknowledged the “cyber security incident” in a statement on January 31.

“The incident is confined to a specific environment, all affected servers are offline, and remediation of services is ongoing,” ION Cleared Derivatives said in a statement, adding that it would provide further updates as more information becomes available.

Derivatives are financial instruments whose value is linked to an underlying asset or a benchmark, such as the price of oil, debt portfolios or shares. The four broad categories of derivatives are options, futures, swaps and forwards, with huge sums traded every day. The value of assets traded as options and futures in North America, for example, was $30.1 trillion and $23.5 trillion respectively in the third quarter of last year, according to the Bank for International Settlements.

The cyberattack on ION Cleared Derivatives has affected at least 42 of the company’s clients, disrupting their processing of derivatives trades, according to a Bloomberg News report. Several members of two major industry groups in the US – CME Group and Intercontinental Exchange – have also been affected by the attack on ION Group, says an article in the Financial Times.

[Image: LockBit ransom for ION Group] The LockBit group claims they have hacked the ION Group’s network. Source: Recorded Future

The Futures Industry Association (FIA) – which represents one area of derivatives, futures contracts – is investigating the attack’s effects on its members, the group said in a statement.

“The FIA is aware of network issues caused by a cyber incident on certain ION Group systems affecting the trading and clearing of exchange-traded derivatives by ION clients across global markets,” the group stated. “We are working with affected members, including clearing firms and exchanges, as well as market regulators and others, to assess the extent of the impact on trading, processing and clearing.”

LockBit claims credit for carnage

The notorious LockBit group – responsible for recent attacks on the Hospital for Sick Children in Toronto and a number of chemical and industrial targets – posted a breach notice on its extortion site on February 2 naming the ION Group as a victim. Additionally, a ransom note, allegedly from the group, is currently circulating on private forums and refers to ION Group as a compromised business, said Allan Liska, senior analyst at threat intelligence firm Recorded Future.

How the LockBit group gained access to the ION Group’s subsidiary and the extent of the damage are questions that will probably take a while to answer, says Liska.

“Unfortunately, not much is known yet about the tools used in the attack,” he says. “ION Group is likely still assessing the damage and conducting incident response and disaster recovery, so they may not know the full extent yet.”

The LockBit cybercrime group uses a ransomware-as-a-service (RaaS) model, creating the tools to compromise and infect victims and then relying on affiliates to infect companies, healthcare organizations and government agencies. While ransomware groups previously relied on encrypting data and holding the keys for ransom, the modern variant of the scheme usually also steals sensitive data and threatens to release it.

How widespread is the impact of the ION attack?

The immediate impact on customers of ION Cleared Derivatives’ services is that post-trade processes – such as “trade matching and keeping track of risk and margin requirements,” activities normally automated by the company’s services – will have to be completed manually, according to the Financial Times.

The service disruption also affects the markets in the US and parts of Asia, and underscores how closely today’s financial and technological infrastructure are connected.

“ION Group is used by financial institutions worldwide, so this attack is likely to have a wide-ranging impact on those institutions,” says Recorded Future’s Liska. “Unfortunately, this is an increasingly common problem with ransomware attacks: the attack affects not only the affected organization, but every organization that the organization works with.”

While the attack has had far-reaching — and in some cases surprising — effects, a senior US Treasury official said the disruption to ION Cleared Derivatives’ platform did not pose a “systemic risk to the financial sector,” according to Bloomberg News.
