Warfare plays an unfortunately significant part in human history: this article is written during the first throes of a dreadful battle playing out on the streets of Ukraine. But the battlefield of old is no longer some “corner of a foreign field”; war now plays out in digital fields that impact global companies and use state-of-the-art technologies. Hybrid war, a term coined by Frank Hoffman, blends conventional warfare, irregular methods such as assassinations, and cyber-attacks.
Now, warning sirens about expected cyber-attacks are sounding across the globe. How can financial institutions and other companies prepare for this digital war that is playing out in Europe?
Be afraid and expect the worst
Russian state-sponsored hacking groups have attacked companies the world over in recent years. One of the most infamous of these is REvil, the cybercriminal group behind the Colonial Pipeline ransomware attack.
Back in January 2022, REvil group members were arrested in what was described as a “rare apparent demonstration of US-Russian collaboration at a time of high tensions between the two over Ukraine.” Earlier in January, however, 70 Ukrainian government websites were defaced and a warning displayed stating: “be afraid and expect the worst”. Signs that the attacks originated from Russian intelligence were proposed, but Russia denied involvement. This denial, obfuscation, and gameplay cause deliberate confusion to muddy the waters. But Russian state-sponsored hacking gangs and Russian hackers, in general, are prolific, with 74% of the money extorted from ransomware attacks in 2021 funneled to Russia-linked hackers.
As we watch the invasion of Ukraine by Russia, the situation is clear: hacking groups are now part of a concerted digital war in Ukraine that is spilling over to the rest of the world.
In recent days, Ukrainian government websites have been further defaced and malware has been installed. A statement on a Microsoft blog told readers that “on February 24, Microsoft’s Threat Intelligence Center (MSTIC) detected a new round of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure.” The blog also mentions a new malware variant named “FoxBlade.”
There is now also a warning that a cyberattack on a NATO member state would result in Article 5, its collective defense clause, being triggered. The digital war and the conventional war may well end up converging as the escalation begins.
As far as the world of banking and finance is concerned, these institutions are part of this merger of the old and the new war. Critical financial infrastructures such as SWIFT have been pulled into the Russian-Ukrainian war to enforce sanctions against Russia and to avoid military intervention. The result is an economic and financial war on a scale never seen before.
“Be afraid and expect the worst” sums up the next steps in this war of attrition against any institution that is drawn into this conflict.
Tit for tat and the hybrid war
Cyberwar escalates as easily as a conventional war. Actions such as the joint decision by the European Commission, US, Italy, France, Germany, UK, and Canada to disconnect several Russian banks from the SWIFT system are likely to see retaliative cyberattacks.
Attacks by Russia on the banking system are nothing new: another Russian state-associated hacking gang, ‘Fancy Bear’, was said to have carried out a massive cyber-attack on the German infrastructure and the country’s banking system in 2021. Now, British, U.S., and European banks are on high alert for similar attacks against their systems. In the UK, the NCSC (National Cyber Security Center) has published a warning to all UK organizations to “bolster their online defenses”. The New York Department of Financial Service has issued a similar warning to financial institutions stating: “The Russian invasion of Ukraine significantly elevates the cyber risk for the U.S. financial sector.”
The war of attrition and tit for tat has begun in earnest, and the banking sector is in the sights of Russian-backed cybercriminals. The digital war is upon us, and the financial sector is a key target in this war. As such, the sector will be a focus of retaliation and the cyber guns are being loaded with attacks that will go well beyond website defacing.
Retaliation and malware
The financial sector must brace itself for a slew of cyberattacks. The most likely will be new malware variants, used to carry out general damage and ransomware attacks. Examples include HermeticWiper and WhisperGate malware, the latter a form of ransomware that overwrites the boot record. The alerts are coming thick and fast, warning about cyberattacks in response to the measures taken against Russia for waging war on Ukraine.
The U.S. CISA (Cybersecurity and Infrastructure Security Agency) issued a warning as part of its ‘Shields Up’ campaign. The warning mentions yet another ransomware group with links to Russian Intelligence, named Conti:
“The Conti ransomware actors threaten "retaliatory measures" targeting critical infrastructure in response to "a cyberattack or any war activities against Russia."”
FIs are already a target for cybercriminals, with the banking sector experiencing a whopping 1,318% increase in ransomware attacks last year. The financial sector is vulnerable to these types of retaliatory attacks, and cybercriminals and hacking gangs have already established where weaknesses lie within banking systems.
The speed of digital transformation, uptake of emerging technologies in automation efforts, and the Covid-19 pandemic have led to the financial sector suffering from a slew of vulnerabilities in areas as diverse as Identity and Access Management, omnichannel customer support, insider threats, upkeep of sanction lists, money laundering, supply chain risks, and misconfiguration and patching gaps.
Previous attacks and intelligence gathered as part of reconnaissance exercises to plan an attack add to the vulnerable nature of the financial sector.
The rise of cyberattacks is leading to a comparable rise of the cybersecurity vendor. Shares in cybersecurity companies are rising sharply. Cybersecurity companies are bracing themselves to help FIs in this hybrid war. EastNets is a vendor on the cutting edge of AML. Saeed Patel, product and tech expert at Eastnets, highlighted the burden of ever-changing sanction lists during this time of war. Patel said that “blockchain technology ensures banks receive sanctions list updates as they’re made, in a secured way.”
Areas that need attention during this time, and require a proactive ‘Shields Up’ cybersecurity position, are:
- Hygiene of sanction lists: As mentioned, keeping fluid sanction lists up to date is vital not only to protect the FI but also to ensure that the sanctions are enforced correctly.
- Robust authentication: Use multi-factor authentication (“MFA”) and privileged access management (PAM).
- Employee awareness: At this heightened time of risk, it is important to ensure that all employees understand where the vulnerabilities in the system are and how the human factor impacts security.
- Test and harden disaster recovery and business continuity: Test and review your current incident response and business continuity planning against the types of expected retaliative cyber-attacks, such as ransomware.
- Double down on AML activity: money laundering is used to fuel war. Use effective smart AML systems to detect and block money laundering.