Tag Archive for: Funds

ICBC pumps funds into US unit after ransomware attack to pay US$9 billion for unsettled trades, hires cybersecurity firm

/in


ICBC’s US unit told market participants on Friday it was hoping to finish the cyber review over the weekend, but the sources said they expected it would spill into next week. Meanwhile, the bank is using manual processes to trade, they said.

The details, including the cash injection for unsettled trades, have not been previously reported.

The ransomware attack was claimed by cybercrime gang LockBit, a widely deployed ransomware first seen on Russian-language-based cybercrime forums in January 2020. It is the latest in a string of ransom demands by hackers this year.

Ransomware attack on ICBC unit disrupts US Treasury market trades

The cyberattack sent ripples through the US Treasuries market, where ICBC acts as a broker for hedge funds and other market participants, helping them trade in the securities. While the extent of disruption to market was limited, it brought into focus the resilience of a market that underpins global finance.

When the hack happened earlier this week, ICBC was unable to access its systems, leaving it temporarily owing BNY US$9 billion for unsettled trades, two of the sources said. The custody bank is the sole settlement agent for Treasuries.

The Chinese parent then injected capital into the US unit, allowing it to settle the trades and pay back BNY Mellon, the sources said. That has now happened, they said.

ICBC did not respond to a request for comment. ICBC Financial Services, the bank’s US unit, has said it was investigating the attack that disrupted some of its systems, and making progress toward recovering from it.

Industrial and Commercial Bank of China near Pudong South Road, Shanghai. ICBC says it hopes to complete the assessment of its systems as soon as this weekend after a ransomware attack. Photo: Future Publishing via Getty Images

ICBC’s representatives told market participants on a call organised by the Securities Industry and Financial Markets Association (SIFMA), a trade group, on Friday afternoon that they had hired a cybersecurity firm to do an assessment to ensure that its systems are safe, three sources familiar with the matter said.

ICBC said it hopes to be done as soon as this weekend, the sources said, noting that it could take longer,…

Source…

Capita: Watchdog warns pension funds over data after hack

/in



The Pensions Regulator has asked trustees responsible for funds that use Capita as an administrator to assess whether clients’ data is at risk. After the hack in late March, personal information held …

Source…

Chinese government-linked hacking group allegedly stole $20M in COVID relief funds

/in


A hacking group linked to the Chinese government is alleged to have stolen more than $20 million in COVID relief benefits, including U.S. Small Business Administration loans and unemployment funds in more than a dozen states.

NBC reported today that the allegation comes from the Secret Service, although the agency has not released a report on the matter. The group allegedly behind the theft, APT41 — also known as Wicked Panda and Winnti — is well-known and has been behind multiple attacks in the past, making the claim believable.

Referencing officials and experts, most speaking off the record, NBC said other federal investigations of pandemic fraud have also pointed back to foreign state-affiliated hackers. A spokesperson for the Secret Service declined to comment further, but one spokesperson did suggest that the attacks may have targeted all 50 states.

Presuming APT41 did steal $20 million in pandemic relief funds, the theft would be a drop in a bucket next to the figures believed to have been extorted, stolen or wrongly claimed. The Labor Department Office of the Inspector General believes that roughly 20% of the $872.5 billion spent on federal pandemic funds were improperly paid, with the fraud rate potentially higher yet.

The Justice Department indicated members and associates of APT 41 in September 2020 on allegations of state-sponsored hacking. At the time, the group was alleged to be behind computer intrusions affecting more than 100 companies and groups in the United States and abroad.

Groups and companies previously targeted by APT41 include software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, nonprofit organizations, universities, think tanks and foreign governments, as well as pro-democracy politicians and activists in Hong Kong.

“The actions of Wicked Panda to steal from the U.S. Paycheck Protection Program post-COVID-19 comes as no surprise and should be a continued wakeup call,” Tim Kosiba, chief executive officer of government cybersecurity solutions and training provider bracket f Inc., a subsidiary of Redacted Inc., told SiliconANGLE. “This Chinese-backed…

Source…

SEC Proposes To Expand Cybersecurity Obligations Of Registered Investment Advisers And Registered Funds – Technology

/in


The SEC recently proposed a series of new rules and amendments (the Proposed Rules)
under the Investment Advisers Act of 1940 and the Investment
Company Act of 1940 concerning cybersecurity risk management for
registered investment advisers (registered advisers) as well as
registered investment companies (registered funds). If adopted,
these rules would require registered advisers and registered funds
to implement extensive written cybersecurity policies and
procedures and significantly augment their cybersecurity reporting,
disclosure and recordkeeping obligations. Coming on the heels of
SEC Chair Gary Gensler’s recent vow to improve the
“overall cybersecurity posture and resiliency of the financial
sector,” the Proposed Rules are the latest demonstration of
the SEC’s heightened focus on bolstering regulations to better
prevent and respond to cybersecurity attacks on securities markets.
Issuance of the Proposed Rules is also driven by the SEC’s
expressly stated concern that, notwithstanding observations the SEC
has made in recent risk alerts and enforcement actions, registered
advisers and registered funds have not adopted reasonably designed
cybersecurity programs to sufficiently address an increasingly
sophisticated and volatile cyberthreat landscape.
Comments on the Proposed Rules are due on the later of
April 11, 2022 or 30 days after their publication in the Federal
Register.

Background on Registered Advisers and Registered Funds

The Proposed Rules would impose substantially similar
obligations on registered advisers—such as money managers,
investment consultants and financial planners—and registered
funds—such as mutual funds, exchange-traded funds, registered
closed-end funds, business development companies, and unit
investment trusts—but there are some distinctions,
particularly with respect to reporting and disclosure requirements.
While both registered advisers and registered funds would be
obligated to disclose significant cybersecurity incidents to
clients and investors, only registered advisers would be required
to report such incidents to the SEC. Because registered advisers
would have to report incidents of their fund…

Source…