Tuesday, 21 March, 2023
IT Security Guru

Ransomware attack halts London trading

A cyberattack on financial data group Ion Markets has caused severe disruption to City of London trading activities

by Guru Writer
February 3, 2023
in Featured, News

Ion Markets, a financial data group crucial to the financial plumbing underlying the derivatives trading industry, has fallen prey to the cybercrime group Lockbit. 

The company has revealed that 42 clients have been affected by the attack, which has caused major disruption in its cleared derivatives division. 

Reports suggest that some clients have been unable to contact Ion by phone since Tuesday, with some travelling to the company’s office at St Paul’s to seek more information.

“The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing,” according to a post on Ion’s website. 

It’s understood that the incident has impacted other trade processing systems, even forcing some companies to process trades manually. 

Lockbit has been especially active recently, claiming responsibility for the attack on Royal Mail last month, which forced the company to suspend international postal deliveries. 

The cybercriminal group has reportedly used its signature ransomware, which encrypts files and issues a ransom note, typically demanding payment in cryptocurrency before the decryption key is provided.

Expert Insight: 

Jonathan Knudsen, head of global research at the Synopsys Cybersecurity Research Centre:

“Software is the critical infrastructure for all other critical infrastructure. The attack on the Ion Markets illustrates not only the interconnected nature of the financial system, but also a crucial dependence on software. 

Software is a powerful tool for productivity but must be managed properly. In particular, security must be a top priority in all phases of software, from its conception through to its deployment. This applies equally to builders and buyers. Builders must include security at every phase of their software development life cycle, using a combination of expert analysis and automated testing to flush out as many vulnerabilities as possible before software is put into production use. Buyers, similarly, should carefully evaluate the security practices of their vendors, then apply meticulous and repeatable processes for configuring, deploying, and operating the software they acquire. 

Every piece of software is, in essence, an incredibly complicated machine. To secure such a machine against attack, builders and buyers alike must examine the entire supply chain of infrastructure, tools, open source components, source code, and configurations in a ceaseless quest to locate and mitigate vulnerabilities. When an incident occurs, such as the Ion Markets attack, existing processes must be examined to understand what went wrong and how the processes can be improved to reduce risk in the future.”

Sam Curry, chief security officer at Cybereason:

“While specific details are scant at this time, with dozens of Ion’s customers potentially impacted by this latest shameless ransomware attack, you can’t just snap your fingers and restore disrupted services. Let me be clear that LockBit is a criminal organisation and their brazen attack raises their profile and spreads more fear, uncertainty and doubt across many industries. In time, we will learn if a ransom demand was issued and paid, or whether Ion refused to negotiate with this criminal organisation.

Organisations can’t pay their way out of ransomware, and those that do only embolden the criminals to launch future attacks. For Ion and other organisations that improve their network resiliency, the cyber criminals will quickly move onto softer targets because they are looking for the path of least resistance. Most gangs want to maintain a low profile and avoid being caught in the cross hairs of law enforcement agencies. In general, companies should prepare for ransomware attacks in peacetime and ensure redundancy in network connectivity and have mitigation strategies ready. Practise good security hygiene and regularly update and patch operating systems and other software. Also, conduct periodic table-top exercises and drills including people beyond the security team and all the way to the Executive Suite.”

Jamie Cameron, security consultant at Adarma:

“Money is the biggest motivator for cyber threat groups like Lockbit, who are becoming ever more sophisticated in their attacks, which is why financial organisations need to be hyper focused on building their cyber resilience. It’s important they are aware that Lockbit is currently in a state of flux, and that previous defences against Lockbit’s signature ransomware are no longer applicable. Lockbit is evolving and it’s vital that businesses update their defences accordingly.

We’ve observed that Lockbit have been bringing in developers from the BlackMatter ransomware group to write a new version of their software (Lockbit Black), which is now free on the open market due to a leak from a disgruntled developer over a pay dispute. Most recently, Lockbit has had a developer, believed to be from the now defunct Conti group, write new malware, known as Lockbit Green or they’ve utilised the leaked toolset from the two prominent Conti leaks of last year to develop this new variant. 

Lockbit have been launching attacks using both the original version of their ransomware and Lockbit Black and we see no reason why they wouldn’t throw Lockbit Green into the mix. Organisations should be aware of this due to how prolific the group are.”

Ziv Dines, CTO, Cyber at Armis:

“The majority of organisations see PII, critical infrastructure and operational downtime as the most at risk in the event of a cyberwarfare attack, and Lockbit’s recent activity encompasses all three. It’s clear from attacks on critical services such as the Royal Mail and ION Group, a major supplier of services to the financial system, that criminals are gathering pace.

The affected company confirmed the incident has been contained to a specific environment, but the operational inefficiencies caused by having to switch to manual processes introduce a significant amount of risk in both the short and long term. Organisations should be on high alert, making sure they have oversight of their internal systems and any assets that may be connected to them in order to spot and remediate anomalies quickly.”

Jamie Akhtar, CEO and co-founder of CyberSmart: 

“This incident and its attribution demonstrate that we aren’t dealing with run-of-the-mill cybercriminals or threats. Instead, this looks like a calculated attack on the very infrastructure that supports the UK’s financial system. What’s more, it’s a signal that the ‘cyber cold war’ being conducted as part of the conflict in Ukraine has begun to heat up.

We’ve been seeing a pattern of escalation in these attacks over the past few months, so we urge all businesses, even SMEs, to be as vigilant as possible in updating and patching software, employing good cyber hygiene, and treating anything unusual with suspicion.”

Javvad Malik, lead security awareness advocate at KnowBe4:

“This is a reminder not only of 3rd party and supply chain risks, but also that many times large, well known organisations will invest heavily in cyber security. But there are many smaller organisations in the chain which are critical to day to day operations. 
It’s why conducting thorough risk assessments is important – to identify what business processes are important so that the appropriate controls and resilience can be built into the system.”

Chris Hauk, Consumer Privacy Advocate at Pixel Privacy:

“The LockBit ransomware gang has been at this for several years, becoming one of the most ruthless and effective ransomware groups around, impacting hundreds of companies and organizations around the globe. By creating point-and-click ransomware that makes it easy to perform such attacks and by running the group as a profit-focused business, the group’s ransomware will continue to be popular among agents of chaos.”

 
