As the U.S. imposes economic sanctions against Russia, cybersecurity firms and federal officials are advising American banks to shore up their cyberdefenses but also saying that state-sponsored attacks don’t appear to be imminent.
With Russian troops advancing on Kyiv, American officials warned this week that the bigger threat for U.S. banks currently appears to be cyberattacks on Ukrainian banks, which could have ripple effects outside of that country.
Last week, the U.S.
Separately, Reuters
Such data-wiping attacks are resurging, according to Matt Radolec, a senior director at the cybersecurity firm Varonis, where he works on incident response forensics and investigates new threats.
“There are victims to this destructive malware already,” Radolec said.
In a data-wiping attack, cyber criminals gain access to an entity’s data and may use the threat of permanently erasing it to extort a payout. Other times, they simply delete the data wholesale.
Hackers are also launching more prominent ransomware attacks, and some evidence suggests those attacks are tied to state-sponsored organizations in Russia, Radolec said.
The U.S. and Russia had long shared information to thwart cybercriminals and unmask them, but experts said that those ties will likely be severed as a result of Russia’s invasion of Ukraine.
Radolec said that his company’s caseloads contain evidence that cybercriminals are using the war as a prime opportunity to strike.
“Their goal is disrupting the American way of life,” Radolec said. “Financial institutions, while hardened, are targets because they represent American prosperity.”
The White House provided its own cybersecurity guidance last week.
“While there are currently no specific or credible cyberthreats to the homeland, the U.S. government has been preparing for potential geopolitical contingencies since before Thanksgiving,”
On Feb. 16, officials from the Treasury Department, the FBI and the federal Cybersecurity and Infrastructure Security Agency met with the CEOs of several large and midsize U.S. banks to discuss cyberthreats, according to a readout from the meeting.
A Treasury spokesperson declined to comment on whether the meeting’s participants specifically discussed heightened risks of cyberattacks on U.S. banks as a result of the Russia-Ukraine conflict.
So far, cyberattacks on financial institutions have primarily impacted Ukraine, said Adam Meyers, senior vice president of intelligence for cybersecurity firm Crowdstrike.
He described three categories of potential attacks: First, Russian cyberattacks targeting Ukraine, which he said are “highly likely if not ongoing.”
Second are Russian attacks on Western entities. While Meyers said that such attacks are currently unlikely, he noted that the sanctions announced Thursday by the European Union and the United States “could change that calculus.”
The third category that Meyers identified involves the potential for “collateral impact” on U.S. banks as a result of Russian attacks on Ukrainian banks. The concern is that self-propagating malware could move beyond Ukraine if such an attack were unconstrained in its targets.
One such unconstrained attack was