As Russia faces sanctions and expulsion from SWIFT, fears of Russian cyber-attacks are rising.
The White House
Russian President Vladimir V. Putin’s bloody invasion of Ukraine has caused the expulsion of key Russian banks from SWIFT, spurred multiple economic sanctions, and increased the chances that Russian hackers will retaliate via attacks upon financial services organizations.
In response to Russia’s aggression, President Biden, European leaders, and Japan have imposed a series of global economic sanctions that will impact U.S. financial services firms for months and possibly years to come.
On the cybersecurity front, though, authorities have warned firms to brace themselves for crippling attacks. For instance, in a tweet on February 24, U.S. Senator Mark Warner (D-VA), who’s also the chairman of the Senate Select Committee on Intelligence, is urging the U.S. to reinforce its cyber-security defenses.
“Russia is fighting both a kinetic and cyberwar — I encourage all Americans and businesses to strengthen all their cyber defenses in light of the possibility of disruptions,” Warner says via the Twitter social media platform.
On the sanctions front, governments are removing Russian institutions from the global SWIFT financial messaging and support systems cooperative. Such moves are dealing serious blows to Russia’s banking, capital markets, oil trading, and commodities transactions businesses.
However, analysts have noted that Russia could shift to cryptocurrency markets to get around some of the sanctions. Authorities are also considering crypto bans to close that digital loophole.
The global sanctions push began via a joint statement, released Feb. 26, when the European Commission, France, Germany, Italy, the U.K., Canada, and the U.S. outlined steps to push Russian banks out of SWIFT.
By Feb. 27, Japan’s government announced that it also backs disconnecting Russia from SWIFT, signifying that all members of the G7 support the expulsions.
“We will hold Russia to account and collectively ensure that this war is a strategic failure for Putin,” according to the joint statement. “First, we commit to ensuring that selected Russian banks are removed from the SWIFT messaging system. This will ensure that these banks are disconnected from the international financial system and harm their ability to operate globally.”
The joint statement also includes a commitment to impose “restrictive measures that will prevent the Russian Central Bank from deploying its international reserves in ways that undermine the impact of our sanctions.”
By March 2, E.U. council officials approved the banning of Bank Otkritie, Novikombank, Promsvyazbank, Rossiya Bank, Sovcombank, Vnesheconombank (VEB), and VTB from SWIFT.
“This measure will stop these banks from conducting their financial transactions worldwide in a fast and efficient manner,” according to a prepared statement from the E.U. “Today’s decision has been closely coordinated with the EU’s international partners, such as the United States and the United Kingdom.”
Ursula von der Leyen
“This is the largest sanctions package in our Union’s history. Today’s decision to disconnect key Russian banks from the SWIFT network will send yet another very clear signal to Putin and the Kremlin,” says Ursula von der Leyen, president of the E.U., in a prepared statement.
In their statement, E.U. officials say that the bans “will take effect as of 12 March 2022. This will give SWIFT and other operators a brief transition period to implement the measure, thereby mitigating any possible negative impacts for EU businesses and financial markets.”
The E.U. may add to the list of banned banks “at short notice,” depending upon Russia’s behavior, officials add.
In a statement on its website on March 2, SWIFT officials report that they are engaging with authorities “to understand which entities will be subject to these new measures and will disconnect them once we receive legal instruction to do so. The SWIFT community will be kept updated through regular customer channels, and the Knowledge Centre of mySWIFT on swift.com .”
As the SWIFT bans take effect, other sanctions are well underway.
Late on Monday, Feb. 21, Biden signed an executive order (E.O.) that forbids the importation into the United States “directly or indirectly, of any goods, services, or technology from the so-called DNR or LNR regions of Ukraine,” according to the order.
The full text of the order can be found here: https://bit.ly/3h4HPaA
In addition, since Tuesday, Feb. 22, the Biden team via the U.S. Treasury and its Office of Foreign Assets Control (OFAC) agency have been announcing a series of sanctions against large Russian financial institutions and against individuals that are considered to be oligarchs supporting Putin.
As of Feb. 25, Treasury-OFAC officials imposed sanctions “drastically altering their fundamental ability to operate” upon:
- V.E.B. which is the Corporation Bank for Development and Foreign Economic Affairs Vnesheconombank;
- Promsvyazbank Public Joint Stock Company (PSB) and 42 of its subsidiaries;
- Public Joint Stock Company Sberbank of Russia (Sberbank)
- And VTB Bank Public Joint Stock Company (VTB Bank).
“On a daily basis, Russian financial institutions conduct about $46 billion worth of foreign exchange transactions globally, 80 percent of which are in U.S. dollars. The vast majority of those transactions will now be disrupted,” according to Treasury-OFAC officials.
Biden also announced that there will be “comprehensive sanctions on Russian sovereign debt. That means we’ve cut off Russia’s government from Western financing. It can no longer raise money from the West and cannot trade in its new debt on our markets or European markets either.”
The new debt sanctions extend “existing sovereign debt prohibitions to cover participation in the secondary market for bonds issued after March 1, 2022, by the Central Bank of the Russian Federation, the National Wealth Fund of the Russian Federation, or the Ministry of Finance of the Russian Federation,” according to OFAC.
In the U.K., Prime Minister Boris Johnson announced that England “is sanctioning the following five Russian banks: Rossiya, IS Bank, General Bank, promsvyazbank and the Black Sea Bank. And we are sanctioning three very high net worth individuals … Any assets they hold in the UK will be frozen, the individuals concerned will be banned from traveling here, and we will prohibit all U.K. individuals and entities from having any dealings with them.”
Johnson noted that this is just the first set of sanctions. Other European nations are also expected to continue issuing sanctions.
NY State, FINRA & CISA Warn Against Cyber Attacks
Gov. Hochul
At the state level, the crisis has spurred New York Gov. Kathy Hochul to put her cabinet on alert because of the threat of hackers based in Russia.
Hochul noted that New York State is an attractive target for Russian cybercriminals because of its influential roles in financial services, healthcare, energy, and transportation.
“My Administration has taken significant steps to prepare for what have become increasingly sophisticated cyberattacks … which is more than double from last year. Cabinet leaders will continue reviewing their cyber-risk management readiness and communicate with relevant industry and government partners to ensure threat intelligence is being relayed as quickly as possible,” Hochul says.
Before Russia’s invasion of Ukraine, brokerage self-regulator FINRA issued a cybersecurity alert on Feb. 15 that warned of an attack by Russian hackers upon U.S. organizations.
“The Cyber and Analytics Unit (CAU) within FINRA’s National Cause and Financial Crimes Detection (NCFC) program would like to bring an important cyber-related development to your attention,” according to the FINRA alert.
“The Cybersecurity & Infrastructure Security Agency (CISA) and the FBI issued a ‘Shields Up’ warning this week regarding potential Russian cyberattacks to target U.S. organizations related to Russia’s potential destabilizing actions against Ukraine. CISA advised that while there are not currently any specific credible threats to the U.S., they recommend that all organizations, namely U.S. critical infrastructure including the financial service industry, adopt a heightened posture related to cybersecurity,” according to the FINRA alert.
In fact, CISA officials are directing people to visit its website https://bit.ly/3gKRinc where they can find recommendations for specific actions to reduce the likelihood of a cyber intrusion, detect a potential intrusion, ensure organizations are prepared to respond to an intrusion and maximize an organization’s resilience to a cyber incident.
“Implementing the recommended steps will assist your firm in protecting its critical assets including confidential customer and firm information,” officials add.
CISA officials urge critical infrastructure owners to:
- Identify vulnerabilities, educate staff on proper cyber hygiene, and mitigate the impact of mis-, dis-, and mal (MDM) information narratives;
- Set up an MDM incident response plan with an individual to oversee the MDM incident response process and associated crisis communications;
- Establish roles and responsibilities for MDM response that includes responding to “media inquiries, issuing public statements, communicating with your staff, and engaging your stakeholder network;”
- Ensure communication systems such as phones, social media accounts, and centralized inboxes can handle surges in inquiries and can be monitored by multiple people on a rotating schedule to avoid burnout;
- Identify and train staff on reporting procedures to social media companies, government, and/or law enforcement;
- And consider internal coordination channels and processes for “identifying incidents, delineating information sharing and response.”
“Foreign actors can combine influence operations with cyber activities, requiring additional coordination to facilitate a whole-of-organization response,” according to CISA, which offers MDM resources via www.CISA.gov/mdm-resource-library
Need a Reprint?