By Elizabeth Dilts Marshall
WASHINGTON (Reuters) – U.S. banks are preparing for retaliatory cyber attacks after Western nations slapped a raft of stringent sanctions on Russia for invading Ukraine, cyber experts and executives said.
Tensions between Russia and the West escalated on Saturday as the United States and its allies moved to block some Russian banks from the SWIFT international payment system and placed curbs on the Russian central bank's international reserves.
Western governments have warned for weeks that the tensions could spark massive cyber attacks from Russia or its supporters. Some executives said the latest measures may be the trigger.
"There will be some retaliatory measures taken by them, and I think in the least costly way that they can do it – that means some kind of cyber attack," said Steven Schweitzer, senior fixed income portfolio manager at the Swarthmore Group in New York.
Global banks, already top targets for cyber attacks in peacetime, are increasing network monitoring, drilling for cyber attack scenarios, searching their networks for threats and lining up extra staff in case hostile activity surges, according to cyber security experts.
Among the threats they are preparing for: ransomware and malware attacks; denial-of-service attacks that take down websites; and data wiping and theft, possibly simultaneously.
"Banks are incredibly prepared. They have taken out their playbooks and it's practice, practice, practice," said Valerie Abend, who leads Accenture's global financial services security group.
The largest U.S. banks, JPMorgan Chase & Co, Citigroup Inc, Bank of America Corp, Wells Fargo & Co, Morgan Stanley and Goldman Sachs Group Inc, either did not respond to requests for comment or declined to discuss their cybersecurity plans.
As guardians of critical national financial infrastructure, global banks are subject to strict operational risk rules and have some of the highest cyber security standards in corporate America, according to cyber experts.
The industry regularly plans for attacks and completed a massive, system-wide ransomware drill in November, according to the Securities Industry and Financial Markets Association, which led the exercise.
Leading up to the invasion, there has been a more concerted industry effort to ensure banks' incident responders are on high alert and that they had increased monitoring, Abend said.
The New York Department of Financial Services and the U.S. Cybersecurity and Infrastructure Security Agency have warned private companies to be vigilant for cyber threats.
"We wouldn't be doing our due diligence if we weren't preparing for that," said Teresa Walsh, global head of intelligence at the Financial Services Information Sharing and Analysis Center, an international group of institutions that share cyber intelligence.
"Right now, they've been warning in generalities – just be prepared. We are trying to put some more specificity to it," Walsh added.
Walsh said banks have been brainstorming risk scenarios based on tactics Russian hackers have used in the past. The 2020 SolarWinds Corp software breach that gave hackers access to hundreds of companies using its products, is top of mind.
That has increased lenders' focus on third-party providers such as big cloud and software-as-a-service firms. While banks themselves have big IT budgets and strict compliance programs, if such providers are hacked their data could be exposed.
Banks are urging such partners to ensure they have the right security protocols, according to Walsh and Abend.
They are also "threat hunting," searching for known malicious behaviors inside bank IT systems, examining potential vulnerabilities and testing anything they had to recently patch, Walsh said.
"It's all about being prepared and not waiting for when the crisis happens," Walsh added.
(Reporting by Elizabeth Dilts Marshall; Writing by Michelle Price; Additional reporting by Pete Schroeder, Davide Barbuscia and Matt Scuffham; Editing by Will Dunham)