Report: European Central Bank Warns Against Russian HackingRegulators Pointing to Cyber as Tensions Mount in Eastern Ukraine
The European Central Bank, the central bank of the 19 European Union countries that use the euro, has reportedly warned against potential Russian cyberattacks on European banks, and EU banking institutions are reportedly conducting cyber war games to test resiliency against a potential Russian cyber offensive, according to Reuters.
Russia has amassed some 100,000 troops along Ukraine's eastern border and has, for months, teased a full-scale invasion of the former Soviet nation. Russian President Vladimir Putin has worked to bar Ukraine from joining NATO, the intergovernmental military alliance. U.S. President Joe Biden subsequently warned the Kremlin to de-escalate immediately. Threats of such Western intervention prompted the U.S. Department of Homeland Security to issue a bulletin warning of potential cyberattacks on U.S. infrastructure (see: Report: DHS Fears Russian Cyberattack If US Acts on Ukraine).
Foreign policy experts contend that Russia views Ukraine as part of its sphere of influence, and it annexed the Crimean Peninsula in southern Ukraine in 2014. Last month, multiple Ukrainian websites were defaced with dire warnings and propaganda. Language included "be afraid and expect the worst." Affected government sites were pulled offline for restoration. Ukraine's state security service, the SBU, has said it believes the activity is linked to Russian intelligence services.
In an attempt to broker peace, French President Emmanuel Macron visited both Moscow and Kyiv this week. U.K. Foreign Secretary Liz Truss also visited Moscow this week, according to U.K. media reports.
Reported ECB Activity
Europe's central bank, which is led by Christine Lagarde, a former French minister and former managing director of the International Monetary Fund, is reportedly warning banks of potential network intrusions at the hands of the Russian government or its proxies, and questioning banks on their cyber posture, Reuters writes.
Sources told the news service that the central bank, which has oversight over Europe's largest lenders, has turned much of its attention from pandemic-related scams to the brewing tensions in Ukraine. To enable or deepen military operations, many security and foreign policy experts believe that Russia could launch a cyberattack that would precede any kinetic campaign.
According to the same report, the New York Department of Financial Services issued an alert to financial institutions in late January, similar to DHS language about potential retaliatory cyberattacks should Russia use force and prompt the U.S. to sanction the Kremlin.
The European Central Bank did not immediately respond to Information Security Media Group's request for comment on its reported warning.
US-Russia Verbal Spat
Tensions also spilled over to a United Nations Security Council meeting last week, at which top diplomats from the U.S. and Russia had a verbal spat over Russia's acitivities and the West's response (see: US Sends Top Cyber Official to Europe Amid Ukraine Crisis).
"Russia's actions strike at the very heart of the U.N. Charter," said U.S. Ambassador to the U.N. Linda Thomas-Greenfield. "This is as clear and consequential a threat to peace and security as anyone can imagine."
In response, Russian Ambassador Vasily Nebenzya accused Washington of "whipping up tensions and rhetoric and provoking escalation."
The Kremlin has also previously denied involvement in suspected nation-state attacks and has chided the West over NATO's gradual eastward expansion since 1991.
To some security experts, the conflict uncertainty here can be used to effect change in the U.S., including completing investments in multifactor authentication and zero trust architectures.
Mike Hamilton, the former vice chair for the DHS State, Local, Tribal, and Territorial Government Coordinating Council, tells ISMG: "It's not likely that an actual 'attack' against the financial sector writ large would be in scope for the Russians. What's more likely is that the huge amount of information that's been purloined with personal and financial details of (likely) most Americans would be brought to bear as wide-scale financial fraud."
Hamilton, founder and CISO of the security firm Critical Insight, adds: "The outcome would be to send the financial sector into a tailspin - along with affected individuals - with the benefit of appearing as just more organized crime."
Others agree, saying that Putin will reserve potentially crippling attacks against the West for direct military intervention.
"A cyberattack on Western banks or infrastructure would escalate this conflict to a degree that world leaders could not possibly ignore," says Nathan Fisher, a former special agent with the FBI and currently managing director of the advisory firm StoneTurn. "Putin knows this and recognizes that so long as the rest of us remain untargeted, he will be permitted to continue his bullying of Ukraine with no more consequence than political criticism and possibly sanctions."
In a joint summit held between Biden and Putin in 2021 - following attacks on Colonial Pipeline and a cyberespionage campaign across 100 organizations and nine federal agencies in the SolarWinds incident - Biden urged the Kremlin to act on cybercrime conducted within its borders.
The U.S. has also attributed the NotPetya campaign to the Russians. It was a malware propagation that first crippled Ukrainian infrastructure before moving worldwide in 2017.
In January, Russian authorities arrested 14 individuals suspected of being part of the notorious REvil, aka Sodinokibi, ransomware operation. Russia's Federal Security Agency, or FSB, first reported the arrests (see: Russia Arrests 14 Suspected REvil Ransomware Group Members).
Despite this action taken by Russian law enforcement authorities, tensions over the Ukrainian troop buildup have spurred European regulators to get ahead of potentially damaging attacks.
The U.K.'s National Cyber Security Center has warned organizations to monitor their cybersecurity resilience. Meanwhile, Reuters reports, the head of Germany's Federal Financial Supervisory Authority, aka BaFin, also discussed the clear interplay between cyberwarfare and geopolitics this week.
In a Senate hearing on Tuesday, Homeland Security and Governmental Affairs Committee leaders linked some Russian threat activity to the recently disclosed Log4j flaw - a bug in Apache's open-source logging utility. Experts claimed nation-state hackers have scanned for systems vulnerable to the bug (see: Security Experts Discuss Log4j Mitigation Before US Senate).
Sen. Rob Portman, R-Ohio, speaking from the Senate floor on Tuesday, also echoed the claims that Russia's motives in Ukraine remain suspect, including around IT security.
"They've initiated cyberattacks against public and private entities in Ukraine, and they continue to use disinformation to try to destabilize the democratically elected government in Ukraine," Portman told fellow lawmakers.
Safeguarding Ukraine's Grid
As the conflict persists around Ukraine, some foreign policy experts say Feb. 24-26 is a point of concern, since Ukraine's electricity transmission system will be disconnecting from neighboring countries, including Russia. It's part of obligatory tests in its full synchronization with the European system, scheduled for 2023, according to the Washington, D.C.-based think tank The Atlantic Council.
The February window has been circled as a potential date for retaliatory cyberattacks, according to Aura Sabadus, writing for The Atlantic Council.
"Concerns have been raised about the Ukrainian transmission system's vulnerability to possible cyberattacks or, indeed, Russia's willingness to allow it to reconnect once the test is complete," Sabadus writes.
The test comes amid peak electric demand for Ukraine. Sabadus says some experts have pushed for a Ukrainian delay, until tensions, including those around cyberattacks, ease.
According to the same report, Ukrenergo, which operates the country's transmission lines, has stated its system is prepared for the test. Its CEO, Volodymyr Kudrytskyi, reportedly rejected claims that its systems are vulnerable to cyberattack - noting that the U.S. has invested $11 million to bolster cyber defenses. Kudrytskyi said Ukrenergo was not affected by the recent attacks on Ukrainian websites, Sabadus reports.