
US banks warned of possible cyberattacks amid Russia-Ukraine tensions

Agencies from the US and UK detailed a new piece of malware they say has been leveraged by the Russian Sandworm APT group since June 2019. (Photo by Matthew Stockman/Getty Images)

In the wake of widespread reports Wednesday that the European Central Bank (ECB) raised its threat level for cybercrime for banks in Europe, U.S. financial firms may soon be feeling the heat from increasingly sophisticated nation-state hackers.

Initially citing unnamed sources in the financial industry, Reuters reported Feb. 9 that banks in Europe and the United States are being warned to brace for a potentially potent attack, most likely coming from Russia. The concern over a potential widespread cyberattack on the banking community largely emanates from the ongoing feud between Russia and the Ukraine, which has the former massing troops near the border and most political leaders in Europe taking sides.

“I think it’s pretty obvious there’s a real concern here,” said Victor Wieczorek, director of threat and attack simulation at cybersecurity firm GuidePoint Security. While European and U.S. financial regulators and politicians do not want to “raise concerns unduly” causing fear-mongering and potentially further worsening tensions, he said that “this has been the culmination of many [events] — not just one red flag.”

Aside from the recent developments on the physical border of Russia and Ukraine, Wieczorek, who manages nation-state red teaming, pointed out the takedown of the SkyFraud cybercrime forum and recent messaging by Russia that has added to the ongoing cyber-posturing.

Speculation is that a nation-state attack, funded by the Russian government and led by top-notch hackers, might target the financial industry in any number of European countries or the United States, which are seen as partisan in these rising tensions. In late January, the New York Department of Financial Services reportedly warned the financial firms it regulates that the situation online and offline could heat up if Russia continued to escalate its position and invade the Ukraine, forcing the U.S. to lay down sanctions against Russia, per Thomson Reuters’ Regulatory Intelligence.

Many industries may feel the weight of a Russian-based cyberattack, as SC Media reported earlier this month, but potentially none so heavily as the financial industry, where a successful cyberattack could not only throw a huge spanner in the works of banking and payments, but could potentially create a significant distraction that Russia could exploit in its attacks on Ukraine. While White House officials have long condemned Russia for impactful cyberattacks (witness 2017’s NotPetya), Russian political officials have publicly denied that they have backed or would back any such state-funded cybercrime.

The further downstream effect could present even more issues on the cybersecurity front for financial institutions. Nation-state hackers could use a sophisticated incursion at a major financial institution as a path to other companies in technology, industrial, food supply or the government. And, Wieczorek claimed, when the nation-state zero-days and attacks are uncovered and become public, cybercrime syndicates could smell blood in the water and enlist those same tactics and technologies, too — creating a financial industry cyber feeding frenzy.

“There could be a long tail to this threat,” Wieczorek said. “I could see all sorts of rules flipped on their head.”
