In recent days, the Russia-Ukraine standoff in the physical world has also spilled into the cyber realm, with politicians and cybersecurity experts alike warning of potential attacks against the U.S. financial industry.
As a result, banks are seeking support in better addressing potential vulnerabilities. Victor Wieczorek, nation state red teamer and director of threat and attack simulation at cybersecurity firm GuidePoint Security, works with financial institutions on table top exercises to simulate a Russian cyberattack. “We’re seeing a lot of action and activity on the cyber front,” he says. “As tensions rise and there’s more poking and prodding... we’re seeing a long tail here.”
Wieczorek is seeing many conventional security rules “flipped on their head,” as U.S. financial firms try to raise security awareness and test employees about potential fraudulent incursions.
The scramble comes after Biden administration officials announced that they believed Russian-backed bad actors had targeted Ukraine banks, as well as the Ukraine Ministry of Defense. In recent days, the White House found Russia responsible for at least one major distributed denial of service (DDoS) attack, according to published reports from White House deputy national security adviser for cyber and emerging technology Anne Neuberger. Potentially contributing further to tensions, President Joe Biden's administration reportedly prepared an initial package of sanctions against Russia, according to Reuters, that includes barring U.S. financial institutions from processing transactions for major Russian banks, three people familiar with the matter said.
Indeed, aside from the obvious access to funds and data that hackers can use in further fraud schemes, targeting of banks can cause disruptions in the U.S. infrastructure, and severely impact the reputation of the financial institutions that they might breach.
According to the recent Advance Threat Research Report from Trellix, the financial sector was the most targeted sector seeing 22% of ransomware and 37% of APT detections (followed by utilities, retail and government). And even before the encroachment on Ukraine, Russian and Chinese nation-state backed groups were believed to be responsible for nearly half (46% combined) of all observed APT threat activity, according to the Trellix research.
Meanwhile, gaining initial access via an unprivileged account can be “as easy as buying stolen credentials from past breaches on the dark web,” according to Steve Povolny, principal engineer and head of advanced threat research at Trellix. “Coupled with this vulnerability to execute code as root, attackers will look to implement this into malware and rootkits quickly for a full exploit chain.” Nearly two-thirds of employees say they have been “approached” by ransomware profiteers, according to a recent study by Pulse and Hitachi.
U.S. officials attributed last year’s cyberattacks on the Colonial Pipeline and JBS meat supplier to Russian-backed hackers. “It’s safe to assume that critical infrastructure could be a major target, if not the target, should these attacks come to fruition,” says Mark Carrigan, cyber vice president of process safety and OT cybersecurity at Hexagon PPM.
“It comes as no surprise that during a time of rising international tensions, critical infrastructure is now a target of cyber attackers,” he adds. “History has shown that in the opening days of warfare, the command, control and logistics of an adversary are among the first targets.”
U.S. President Joe Biden voiced a commitment to provide resources for defending against potential cyber threats. “If Russia attacks the United States or our allies through asymmetric means, like disruptive cyberattacks against our companies or critical infrastructure, we are prepared to respond,” Biden said during a recent speech at the White House. Indeed, the European Central Bank already raised its alert for a potential cyberattack, and is said to be reaching out to European banks about their readiness to face potential cyberattacks if they come, according to reports from Reuters.