When the Russo-Ukrainian war began in late February, there was an almost immediate response from government and cybersecurity experts alike: the U.S. financial industry should beware that, even though it might not be affected by the ground assault, there was a good chance it would be a prime target for the online attack that was threatened.
Flash forward to today, in the face of sanctions from many countries and in many sectors, it would appear from headlines that it’s the Russian banks, like Sberbank, that have felt the wrath of cyber-hijackers and even opposing nation-states. But experts on network security at U.S. financial institutions, which have been fending off Russian organized crime rings and even government-backed hackers for years, know that while the invasion of Ukraine may be winding down, the potential cyberthreats to their data, their money, their infrastructure and their customers press on.
“The Russia-Ukraine conflict will soon enter its third month. While the initial uncertainty has worn off, the cyberattacks purported by Russia and its operatives are likely to intensify as sanctions and the associated economic toll increase,” said Dan Katz, cybersecurity and data privacy director at Mazars, a global consultancy.
“Russian cyberattacks will continue to inflict collateral damage on a wide variety of organizations, but will likely continue to strongly target financial services organizations,” he underscored.
This is not only due to the major role the financial and payments industries play in the global critical infrastructure, and the potential data and monetary profits to be had, but also because many U.S. banks still rely on fairly complex or siloed core systems — which are often much trickier to protect.
John Horn, director for the cybersecurity practice at the Aite-Novarica Group, a financial research and consulting firm, pointed out that “even before the U.S. imposed economic sanctions on Russia ... top cybersecurity agencies warned of the heightened threat of cyberattacks” on the U.S. financial infrastructure.
“Though many experts agree the threat remains,” Horn added, “they disagree over its severity and why exactly Russia has not launched any major cyber weapons that we know of.”
Another reason financial firms remain cautious in guarding their online flanks is simple revenge by Russia for those controversial sanctions imposed by the U.S. and other countries.
“When the sanctions were implemented against Putin, his oligarch supporters and Russia overall, Putin would like to apply pressure to the banks that are a key component of the U.S. GDP,” said Tom Atkins, a network security expert at Attivo, who often works in the financial sector.
Hence, it is believed that more pointed and pernicious attacks on the U.S. financial infrastructure may yet come to the fore, according to Neal Bridges, CISO at Query.AI and a former NSA hacker, with the specific threats varying based on how each financial institution, service or third party interacts with Russia and Ukraine.
For example, Bridges pointed out that Citigroup has an operating presence in Kyiv, which means that the global bank has at least some physical IT infrastructure in place there, which is likely connected to Ukrainian internet, staffed by Ukrainian personnel, and affected by Ukrainian environmental variables.
Fellow expert Atkins agreed: “Putin is very likely to target U.S. banks that operate in Ukraine as he works to physically exert his control over that market. It is very likely that he has encouraged Russian cyber-criminal groups to pick up the pace of their attacks to inflict damage through ransomware and DDoS attacks.”