Big banks fear SWIFT is at increased risk of a Russian cyberattack after seven of the country’s lenders were removed from the global payment messaging system over the weekend.
VTB, Russia’s second-largest bank, and Promsvyazbank, which finances Russia’s war machine, were among lenders pulled out of SWIFT on Saturday as part of the West’s sanctions campaign against Moscow in response to the invasion of Ukraine. .
Senior executives responsible for cyber security at several banks told the Financial Times that the threat to SWIFT, which enables banks to send trillions of payments across borders every day, could be if more Russia’s lenders are expelled from the system. So it can increase.
Russia’s largest banks, Sberbank, and Gazprombank, have so far been placed on Swift because they facilitate most payments to the West for Russian oil and gas.
Officials are concerned that SWIFT may be a more attractive target than individual banks, as it is a pinch point in the global financial network.
“There are a lot of concerns about Swift,” said a financial regulator that oversees some banks. “Banks seem to be comfortable with their own cyber security levels, but a hit to SWIFT would be very damaging to the entire banking system.”
Although banks have become increasingly concerned about SWIFT as a potential target, so far, Russia’s cyber attacks have only targeted Ukrainian government departments and infrastructure.
Officials monitoring cyber defense within their banks told the FT that they had put their teams on alert for possible retaliatory attacks.
SWIFT plays an important role in global banking, with more than 11,000 financial institutions using the system, which facilitates transactions worth trillions of dollars every day.
“During a war, this is the most effective place to hit – it is the center of the global banking system, which connects everything,” said a senior bank official.
An executive overseeing cyber security at another lender said the threat level from Russian attacks had “significantly increased” in recent weeks.
“We build models for cyberattacks on institutions like the Fed, but we think the hit on SWIFT is more likely in retaliation for Russian banks,” he said. “This will have huge consequences for the global banking network.”
SWIFT, a Brussels-based organization owned by its members and oversees the G10 central banks, previously reported attacks on its network by cybercriminals.
In 2016, hackers robbed Bangladesh’s central bank of $81 million in one of the largest bank robberies in history by taking advantage of vulnerabilities in other banks on SWIFT. The hackers used malware to impersonate other banks on the system and send payment requests.
Analysts said the strategy is similar to the one used by hackers targeting Sony Pictures Entertainment in 2014, for which the FBI blamed North Korea.
In response, SWIFT introduced a new system of mandatory controls for member banks and intensified their monitoring.
It also launched a program to help its members improve their cyber security and share information about attacks with each other to protect the network.
Swift said in a statement that all its services were operating normally.
“Swift takes security very seriously, and we have a robust control environment for physical and cyber security,” it added. “Like banks, market infrastructure and other financial institutions, we continuously monitor the threat landscape and adapt responses accordingly.”