U.S. banks are preparing for retaliatory cyber attacks after Western nations slapped a raft of stringent sanctions on Russia for invading Ukraine, cyber experts and executives said.
Tensions between Russia and the West escalated on Saturday as the United States and its allies moved to block some Russian banks from the SWIFT international payment system and placed curbs on the Russian central bank’s international reserves. Western governments have warned for weeks that the tensions could spark massive cyberattacks from Russia or its supporters.
Some executives said the latest measures may be the trigger. Several major financial institutions declined to comment publicly on their plans in light of sanctions, but retaliatory hacks are a major worry, several individuals connected to the U.S. banking industry said. One of the people added that Biden administration officials have told banks they intend to share intelligence among multiple U.S. agencies in order to mount a quick response, but the officials haven’t spelled out what any response might be.
On Thursday, the Treasury Department issued a directive banning U.S. financial institutions from opening or maintaining correspondent banking accounts for Russia’s biggest bank, Sberbank, and its subsidiaries, effectively cutting them off from the U.S. financial system starting on March 26. The directive is part of the latest sanctions package from the Biden administration that also includes sanctions on Russian state-owned VTB Bank and new debt and equity restrictions on more than a dozen Russian entities.
“There will be some retaliatory measures taken by them, and I think in the least costly way that they can do it – that means some kind of cyberattack,” said Steven Schweitzer, senior fixed income portfolio manager at the Swarthmore Group in New York. Global banks, already top targets for cyberattacks in peacetime, are increasing network monitoring, drilling for cyberattack scenarios, searching their networks for threats, and lining up extra staff in case of hostile activity surges, according to cyber security experts.
Among the threats they are preparing for: ransomware and malware attacks; denial-of-service attacks that take down websites; and data wiping and theft, possibly simultaneously. “Banks are incredibly prepared. They have taken out their playbooks and it’s practice, practice, practice,” said Valerie Abend, who leads Accenture’s global financial services security group.