It has been reported that trading in the City of London has been plunged into chaos after a Russian-linked ransomware gang attacked a company that plays a key role in Britain’s financial system. Lockbit, the group behind the cyber attack against Royal Mail last month, targeted trading software provider Ion Group on Tuesday.
The London-based company plays an integral role in the plumbing that underpins the trading of shares, debt and derivatives in the Square Mile and around the world. Ion said 42 clients have been affected by the attack as it faces disruption in its cleared derivatives division. One senior City banker described the attack as a “major incident” that “would take out most of the City if it were to escalate”.
In its official statement, Ion Cleared Derivatives said that the incident is contained to a specific environment, and all affected servers are disconnected. Remediation of services is ongoing.
Sam Curry, chief security officer at Cybereason, said: “While specific details are scant at this time, with dozens of Ion’s customers potentially impacted by this latest shameless ransomware attack, you can’t just snap your fingers and restore disrupted services. Let me be clear that LockBit is a criminal organisation and their brazen attack raises their profile and spreads more fear, uncertainty and doubt across many industries. In time, we will learn if a ransom demand was issued and paid, or whether Ion refused to negotiate with this criminal organisation.”
- The ByBit Hack: Five things you need to know
- Prager Metis settles with SEC for $1.95m over FTX audit
- European retail investors turn bearish on CAC 40 amid post-Olympics calm
Curry added that organisations can’t pay their way out of ransomware, and those that do only embolden the criminals to launch future attacks. For Ion and other organisations that improve their network resiliency, the cyber criminals will quickly move onto softer targets because they are looking for the path of least resistance.
“Most gangs want to maintain a low profile and avoid being caught in the cross hairs of law enforcement agencies,” Curry explained. “In general, companies should prepare for ransomware attacks in peacetime and ensure redundancy in network connectivity and have mitigation strategies ready.”
Dependence on software could create vulnerabilities
“Software is the critical infrastructure for all other critical infrastructure,” said Jonathan Knudsen, head of global research at the Synopsys Cybersecurity Research Centre. “The attack on the Ion Markets illustrates not only the interconnected nature of the financial system, but also a crucial dependence on software.”
Software is a powerful tool for productivity but must be managed properly. In particular, security must be a top priority in all phases of software, from its conception through to its deployment. This applies equally to builders and buyers.
Builders must include security at every phase of their software development life cycle, using a combination of expert analysis and automated testing to flush out as many vulnerabilities as possible before software is put into production use. Buyers, similarly, should carefully evaluate the security practices of their vendors, then apply meticulous and repeatable processes for configuring, deploying, and operating the software they acquire.
Every piece of software is, in essence, an incredibly complicated machine. To secure such a machine against attack, builders and buyers alike must examine the entire supply chain of infrastructure, tools, open source components, source code, and configurations in a ceaseless quest to locate and mitigate vulnerabilities.
When an incident occurs, such as the Ion Markets attack, existing processes must be examined to understand what went wrong and how the processes can be improved to reduce risk in the future.
