Cybercrime in China’s Finance Industry Exposes Alarming Fragility
A Global Financial System Under Threat
The recent hacking of the New York arm of China’s largest bank, Industrial and Commercial Bank of China (ICBC), has sent shockwaves through the global financial system. The ransomware attack disrupted the US Treasury bond market, highlighting the alarming fragility of interconnected financial systems in the face of cybercrime.
A Growing Problem
The incident is not an isolated one. Dublin-based technology group Ion Markets was also targeted by a similar attack earlier this year, knocking out parts of the financial plumbing that underlies the vast derivatives trading industry. According to a recent Bank of England survey, the risk of such attacks is now deemed the number one systemic risk to the financial system.
Banking Industry Most Vulnerable
The financial sector is grappling with an escalating onslaught from cybercriminals, says Tris Morgan, managing director of security at telecoms group BT. His company’s data reveals that banking emerges as the most vulnerable industry, with an average of over 46 million signals of potential cyber attacks every day worldwide.
Motivations Behind Attacks
Hackers target financial groups not just to steal funds directly but also to extract troves of highly sensitive personal information, which they can use in further attacks or threaten to leak as an extortion tactic. According to Steve Stone, head of Rubrik Zero Labs at security group Rubrik, financial services organisations already hold 20 percent more data than those in other sectors.
Shift in Cybercriminal Tactics
Experts note a shift by increasingly bold cybercriminals from selling card data on underground marketplaces to deploying ransomware, which is becoming easier with the advent of generative artificial intelligence and off-the-shelf toolkits. In 2023, the number of ransomware attacks in the finance industry surged by 64 percent, and was nearly double the 2021 level, according to Sophos.
Espionage Actors Target Financial Sector
Entities within the financial sector can also be a target for espionage actors, such as nation-states, due to their role in “politically sensitive functions, such as sanctions enforcement and compliance, or financing of high-profile or controversial projects,” says Luke McNamara, deputy chief analyst at Mandiant Intelligence.
High Stakes
The stakes are high. A significant cyber attack on a global payments system could cost the world economy $3.5 trillion, according to Lloyd’s of London. Beyond bank runs and instability, a cyber breach can trigger immediate financial and reputational damage not only for fintech vendors themselves but also for the banks and brokers that rely on their software to trade clients’ money on public exchanges.
Systemic Vulnerabilities
The vulnerabilities lie not just in individual institutions but also in the monetary plumbing. A 2023 IMF survey of 51 countries found that 56 percent of central banks or supervisory authorities do not have a national cyber strategy for the financial sector, and 64 percent do not mandate testing and exercising cyber security measures.
Industry Response
Industry experts agree that financial services organisations need to invest in:
- Cyber attack simulations
- Stress testing
- Contingency planning
- Crisis response
They must also assess their data holdings, look at operational risk management, and consider operational resilience to set themselves up for battling threats.
Collaboration and Harmonisation
Industry-wide collaboration and increased regulatory harmonisation will be vital for survival. Intelligence gathering and sharing initiatives being led by cyber-focused non-profit FS-ISAC are a step in the right direction. However, addressing weaknesses all along the supply chain is also crucial, as rapid technological adoption introduces new vulnerabilities and amplifies systemic risks due to the concentration in essential technology and service sectors.
Responsibility for Cyber Security
“This calls for higher scrutiny from clients of these third-party software providers,” warns Philippe Thomas, chief executive of tech due diligence and audit tech group Vaultinum. The responsibility for cyber security cannot stop at individual institutions or industry-wide initiatives; it must extend throughout the entire supply chain to ensure the integrity of the financial system.