Regulators, MBA Urge Cybersecurity Vigilance as Worldwide Tensions Escalate

As the Russian invasion of Ukraine escalates and governments worldwide impose economic sanctions, financial regulators have begun to issue guidance in anticipation of potentially heightened cybersecurity attacks and virtual currency disruptions.

Rick Hill, Vice President of Industry Technology with the Mortgage Bankers Association, said MBA members should be particularly vigilant.

“The invasion of Ukraine is expected to result in instability for some time and could result in escalating cyber risks to our industry,” Hill said. “As lending is a critical component of our nation’s infrastructure, we urge our members to remain extra vigilant for attempts to breach their systems through phishing and other attack methods.”

Freddy Feliz, MBA CIO & VP of Information Technology, noted “organizations should also ensure that their third-party vendors and contractors are following the same protocols, as they could become a potential avenue for these attacks.”

The Cybersecurity and Infrastructure Security Agency updated its ‘Shields-Up’ website (https://cisa.gov/shields-up) to promote awareness of current cybersecurity threats and mitigations.

“While there are no specific or credible cyber threats to the U.S. homeland at this time, Russia’s unprovoked attack on Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organizations, may impact organizations both within and beyond the region, particularly in the wake of sanctions imposed by the United States and our allies,” CISA said. “Every organization—large and small—must be prepared to respond to disruptive cyber activity.”

On its website, CISA offers the following recommendations:

  • CISA recommends all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.
  • In this heightened threat environment, CISA asks that organizations lower thresholds for reporting incidents to the FBI or CISA to help the U.S. government identify issues and help protect against further attack or victims.

Additionally, CISA said organizations should immediately report unusual activity, and any impacts, to CISA (https://us-cert.cisa.gov/forms/report) at central@cisa.gov or (888) 282-0870, and/or to their local FBI field office (https://www.fbi.gov/contact-us/field-offices) or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.

The New York Department of Financial Services last week issued guidance on its cybersecurity and virtual currency regulations in response to the Russian military actions in Ukraine and recently imposed sanctions. NYDFS specifically raised the specter of elevated cyber risk resulting from ongoing cyberattacks against Ukraine, which it said could spill over to other networks, as well as potential direct attacks against U.S. critical infrastructure.

“The Russian invasion of Ukraine significantly elevates the cyber risk for the U.S. financial sector,” said NYDFS Superintendent Adrienne A. Harris. “Russia’s ongoing cyber-attacks against Ukraine could spill over and damage networks outside of Ukraine – as has happened in the past. Escalating tension between the U.S. and Russia also increases the risk that Russian threat actors will directly attack U.S. critical infrastructure in retaliation for sanctions or other steps taken by the U.S. government.”

NYDFS urged financial institutions to “review their programs to ensure full compliance, with particular attention to core cybersecurity hygiene measures like multi-factor authentication, privileged access management, vulnerability management and disabling or securing remote desktop protocol access.” Additionally, institutions should:

  • Review, update and test their incident response and business continuity planning and ensure that those plans address destructive cyber-attacks such as ransomware.
  • Review and implement practices not already in place in the Department’s June 2021 Ransomware Guidance, which sets forth key controls that reduce the risk of destructive cyber-attacks.
  • Re-evaluate their plans to maintain essential services, protect critical data and preserve customer confidence considering the realistic threat of extended outages and disruption.
  • Conduct a full test of their ability to restore from backups. Regulated entities should not assume that they can restore until a full test has been successfully completed.
  • Provide additional cybersecurity awareness training and reminders for all employees.

Additionally, NYDFS said regulated entities that do business in Ukraine and/or Russia should take increased measures to “monitor, inspect and isolate traffic from Ukrainian or Russian offices and service providers, including over virtual private networks. Regulated entities should review firewall rules, active directory and other access controls, and should segregate networks for Ukrainian or Russian offices from the global network.”

Regulators also noted the Russian invasion significantly increases the risk that virtual currency transfers could be used to evade sanctions for listed individuals and entities, including through transmission of virtual currency to or from users located in comprehensively sanctioned jurisdictions.