Dive Brief:
- EquiLend, a global securities trading and analytics platform operating on Wall Street, said Wednesday it will be down for several days after a cyberattack took systems offline.
- LockBit, one of the world’s most prolific ransomware groups over the past year, has claimed credit for the attack, The Wall Street Journal and Bloomberg reported.
- EquiLend retained external cybersecurity experts and other advisers to help investigate the attack and restore service.
Dive Insight:
The attack is certain to raise renewed concerns about the resilience of the securities and banking industries amid a series of high-profile attacks in recent months.
EquiLend, backed by a consortium of investment banking firms, including BlackRock and Credit Suisse, executes more than $2.4 trillion per month through its NGT platform.
The EquiLend incident impacted a “specific automated securities lending service,” FS-ISAC said in a statement. Market participants have moved over to using existing manual processes, with limited market impact.
“The sector is monitoring for any ongoing issues and coordinating through our established incident response processes and resilience mechanisms to ensure firms have the information they need to mitigate potential impacts,” FS-ISAC said.
The Securities and Exchange Commission last March proposed rules to require broker-dealers and other financial industry specialists to conduct annual reviews and disclose certain cyber incidents to the agency.
Broker dealers would also have to disclose cyber risks to investors under the proposed rules.
“The SEC continues to monitor with a focus on maintaining fair and orderly markets,” a spokesperson said regarding the EquiLend situation, via email.
LockBit conducted at least 233 ransomware and extortion attempts during the fourth quarter of 2023, more than any other prior quarter, according to a report by ZeroFox. Analysts said the increase in attacks was due in part to disruptions of rival firms by international law enforcement.
No details about the EquiLend attack have been posted on the LockBit shaming site, according to ZeroFox.
The FBI and Cybersecurity and Infrastructure Security Agency in November warned that affiliates of LockBit 3.0 were exploiting the CitrixBleed vulnerability to launch attacks, including a suspected ransomware attack against a subsidiary of Boeing.
The financial services arm of the Industrial and Commercial Bank of China was hit by a suspected ransomware attack claimed by LockBit in November. That incident led to temporary disruptions in U.S. securities trading.