US financial regulator The Commodity Futures Trading Commission has reacted to the recent cybersecurity attack at ION Cleared Derivatives.
The US derivatives market watchdog indicated that it has been working with other financial regulators, market participants and other impacted parties to understand how the cyber incident occurred and to ensure that other CFTC-regulated derivatives markets are not compromised.
The incident at ION Cleared Derivatives, a subsidiary of ION Markets that provides order management, execution, trading and post-trade processing for cleared derivatives, was understood to involve a ransomware attack that began on the evening of 31 January.
ION has made limited public comment on the cyber vulnerability so far, but did issue a statement confirming that a cybersecurity event had impacted ION Cleared Derivatives and affected some of its services.
“The incident is contained to a specific environment, all the affected servers are disconnected and remediation of services is ongoing,” says the company. “Further updates will be posted when available”.
The attack is believed to have been propagated by ransomware group Lockbit and to have affected at least 42 customers of ION derivatives clearing.
The Futures Industry Association, the trade association for futures, options and cleared derivatives, said that it is coordinating information sharing through regular calls with relevant parties “to assess the firms impacted, how firms can work together to mitigate the disruption and to seek clarity over affected regulatory obligations and reporting”.
According to CFTC, the ongoing issue has impacted the ability of some clearing members to provide timely and accurate data reporting to CFTC.
“As the incident unfolded, it became clear that the submission of data that is required by registrants will be delayed until the trading issues are resolved.
“As a result, the weekly Commitments of Traders report that is produced by CFTC staff will be delayed until all trades can be reported.”
In providing guidance to derivatives trading firms that are required to report their trades to CFTC, the regulator said: “Commission staff recognise that certain reporting firms affected by the incident at ION do not have enough information at this time to fully prepare the daily large trader reports required under Part 17 of the Commission’s regulations.
“Each affected reporting firm should use best estimates in preparing those reports, working with Commission staff to ensure timely compliance.”
Commenting on the cyber incident, Sam Curry, chief security officer at cybersecurity specialist Cybereason, says: "Organisations cannot pay their way out of ransomware, and those that do only embolden the criminals to launch future attacks. For Ion and other organisations that improve their network resiliency, the cyber criminals will quickly move onto softer targets because they are looking for the path of least resistance.
“Most gangs want to maintain a low profile and avoid being caught in the cross hairs of law enforcement agencies. In general, companies should prepare for ransomware attacks in peacetime and ensure redundancy in network connectivity and have mitigation strategies ready," says Curry.
