US financial sector urged to remain vigilant against retaliatory Russian cyberattacks
As the Russian-Ukrainian war nears its fifth month, many U.S. financial institutions — far from the frontline of the fighting and awash with other economic, logistical, and business concerns closer to home — may be letting their guard down when it comes to the cyber threats emanating from this foreign war.
But according to research and advice from at least one leading fintech analyst, now is not the time to let up on cybersecurity or on tracking potential intrusions from nation states like Russia and the cybercrime syndicates they might support.
“The threat is definitely heightened to financial institutions and critical infrastructure at all levels,” said Tracy C. Kitten, director of fraud and security at Javelin Strategy & Research.
In her research note titled “Shields up: How Financial Institutions Should Prepare for Targeted Cyberattacks,” Kitten pointed out that, as Russia’s real assault on Ukraine continues, many Western countries, including the United States, have effectively put pressure on Russia in the form of economic sanctions and the support they provide to the Ukrainian army.
“The U.S. government has warned of possible Russian retaliation in the form of cyberattacks against U.S. businesses and interests,” she said in the research note.
For months, financial industry and government advisers have been warning banks, credit unions and other financial institutions that Russia’s invasion of Ukraine “could impact organizations at home” and “inside and outside the region, including malicious cyber activity against the American homeland,” largely in retaliation for the sanctions imposed by the United States and the military support for Ukraine.
However, returning to the first guidelines issued by the Cybersecurity & Infrastructure Security Agency (CISA) on February 23, just days after Russia’s initial invasion of Ukraine, Kitten pointed out that government agencies offered few “specifics” about what banks should do or what types of attacks or vulnerabilities they should watch out for.
To some extent, this approach is “likely intentional, as publicly released information would also be readily available to adversaries,” she said in her research note. Kitten’s research note added, “Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks…Every organization – large and small – must be prepared to respond to disruptive cyberincidents.”
“CISA’s ‘Shields Up’ [memo] hasn’t been ignored by financial institutions, but it offers little tangible or new advice,” Kitten said in an interview. “As with any geopolitical threat, financial institutions remain on heightened alert for attacks that could knock them offline, such as distributed denial of service attacks, or be used as a pretext for something else.”
To a large extent, most recommendations from CISA and other cybersecurity groups focus on the same basic network security blocking and tackling and incident reporting that most financial industry and critical infrastructure compliance guidelines already require.
In the wake of the SolarWinds attack 18 months ago, US financial institutions are urged to be aware not only of the potential impact of direct breaches on their own networks, but also of the effect of supply chain upheavals if Russia or nation-state-backed malicious actors interfere in related industries or global infrastructure.
“Executives of some of the main [U.S.] financial institutions reiterated their commitment to be vigilant against threats from Russia,” Kitten said in her research note. “But Shields Up warnings related to specific threats from Russian attackers have not necessarily changed the normal course of cyber defense for most financial institutions.”
“The posture remains that everything is of concern,” she added, “network monitoring and threat mitigation are constant, and best practices should always be reviewed and followed regularly.”