U.S. financial services must brace for increased cyberattacks from Russia
As North America and Europe implement tighter financial restrictions and block Russian banks from using the Society for Worldwide Interbank Financial Telecommunication (“SWIFT”) transactions system, tensions are growing to an all-time high. When Western countries imposed sanctions on Iran in 2012, U.S. banks were attacked by Iranian hackers and flooded with challenges that cost the banking sector tens of millions of dollars. Now, retaliation against these harsher sanctions is likely to increase the number of cybercrimes targeting U.S. public and private institutions—particularly in the financial sector.
Between 2018 and 2021, 3.3 million records were exposed through nearly 6.5 thousand data breaches and leakages affecting the top 20 Global Fortune 500 financial services companies, denoting the increasing attack surface of major critical infrastructure companies in this sector. Cyber threats to banks and other financial services companies are not a newly identified threat in 2022, given that banks are already major targets for cyberattacks in peacetime. However, due to the geopolitical context in which targeted attacks by Russian hackers are expected to surge, U.S. banks and financial entities must brace not only for an increased frequency of attacks, but increased sophistication in tactics, techniques and procedures (TTPs) as well.
In early February, the European Central Bank warned of heightened cybercrime from sophisticated nation-state hackers. Now, amid the Ukraine crisis, Western nations—particularly the U.S.—must be on high alert for potentially catastrophic cyber threats that could cripple financial services. In fact, two Russian hacker groups recently vowed to retaliate with cyberattacks against those taking action against Moscow. Shortly after sanctions against Moscow were announced, some sources described recent attacks on U.S. financial services as a “subtle but intensified assault on banks’ technological infrastructure.” U.S. banks and financial institutions should be prepared for sophisticated attacks on their infrastructure, with attacks potentially ranging from ransomware and malware to data wiping, theft, or denial-of-service attacks. These attacks can also go largely unnoticed for significant amounts of time before being detected, a challenge that prolongs and increases the risk of financial and reputational damage to a business.
The world has already seen what Russian cyberattacks are capable of, with attacks on the Ukrainian government and its critical infrastructure. It is possible that these attacks will be replicated in the U.S. and on U.S. financial institutions, particularly in the wake of sanctions imposed by the United States and its allies. Every U.S. bank—large and small—must be prepared to respond to disruptive cyber activity.
Russia’s cyber war against the U.S. is just beginning. CrowdStrike’s CEO noted that banks are particularly concerned with wiper viruses that cripple websites via encrypted continuous information requests through a distributed denial-of-service (DDoS) attack. These attacks, which can cause billions of dollars of damage and financial repercussions, also serve to undermine public confidence and wreak havoc that enables the widespread diffusion of disinformation campaigns originating from Moscow. Threat actors linked to Russia have a history of meddling in U.S. politics and infiltrating critical government agencies that impact national security. For banks, critical data may become inaccessible and companies may face interruptions to websites or other integral financial systems that operate the business. Customers may not be able to withdraw cash funds for weeks at a time, depending on the nature of the attack.
What can companies do to prepare?
U.S. banks are a prime target for cyberattacks right now and must be prepared to combat more sophisticated entry, data exfiltration and paralyzing ransomware attacks. We don’t know what we don’t know. Russia’s hackers continue to increase in sophistication and alter their attack methods. But organizations can identify vulnerabilities and enable sophisticated monitoring tools that will notify them if their information or credentials have been compromised, such as employee login credentials or other vulnerable points of entry that can be guarded and modified.
In order to best prepare for the expected increase in cyberattacks on U.S. companies, organizations should hire and partner with cybersecurity experts to protect their sensitive employee information. By partnering with outside experts, companies can actively prepare for and anticipate external cyber threats. Companies should also secure social media accounts and website information to prevent the spread of threats such as malware or disinformation. Additionally, organizations need to have full visibility across the digital sphere to understand digital risk. This includes monitoring the social, surface, deep and dark web, as threat actors leverage diverse channels and tactics to coordinate and execute attacks.
However, none of this will be sufficient if companies don’t take the time and resources to raise employee awareness about the threat of cyberattacks. Employees should be trained to recognize phishing or other common but sophisticated entry point attacks. Protecting the company means protecting and educating all employees on the cyber threats ahead of us and building cyber-resilient corporate cultures.
Written by Sean Tierney.