ION suffers cyber attack on derivatives platform

The trading technology provider was compromised yesterday by a cyber attack that impacted its overnight processing, with some clients quarantining all communications from the firm. 

ION Markets was hit with a cyber attack last night that impacted some of its derivatives services and resulted in concerns around trade processing for its clients. 

The news first came to light with a Twitter post from user PriapusIQ at 10.24pm last night claiming “trade processing carnage” following a cyber attack.  

“Basically, trading desks will be flying blind as no trades for today are going in on the overnight process,” claimed the post. “This will have a HUGE impact.” 

Further comments suggested that trade feeds were missing from exchanges, with brokers having to manually input trades. This has not been confirmed by ION or any of its clients. 

“Until further notice, all mails sent by ION or affiliates are quarantined and investigated by our security staff,” said one client alert, seen by The TRADE.  

According to a notification from Fidessa (acquired by ION in 2018) seen by The TRADE today, an issue was first identified on 31 January at 2.30am GMT “preventing access to certain systems within our environments,” which at 8am was confirmed to be caused by a cyber incident (Lockbit) involving VMware servers. 

LockBit is malicious software designed to block user access to computer systems, usually in exchange for a ransom payment. 

According to Fidessa, spreading was contained to cleared derivatives front, middle and back offices services for clients, with no other products or business lines affected.  

A client communication from Euronext, seen by The TRADE, confirmed that ION was “being affected by cyber issues” in what it called an “exceptional” situation; but that the incident had not affected Euronext. The exchange stated that it was “closely monitoring the situation to take all the appropriate actions to ensure fair and orderly markets”.  

In response to the rumours, ION Group confirmed to The TRADE that: “Cleared Derivatives, a division of ION Markets, experienced a cybersecurity event commencing on 31 January 2023 that has affected some of its services. The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing. Further updates will be posted when available.” 

According to the latest information from Fidessa, systems are now up but currently not accessible, so they cannot yet establish if data has been affected. However, there are firewalls in place to protect and isolate network traffic and there is “no evidence” that the issue has spread to other parts of the company network.  

In-depth update sessions will be provided for clients today at 12pm and 7pm UK time, with regular updates also being provided to regulators and exchanges.  

Read More – NYSE claims technical glitch for early trading issues

The attack follows a glitch at the New York Stock Exchange last week that also resulted in trading halts, raising further concerns around market structure and integrity.