British banks brace for Russian cyber attacks: Lloyds boss says business is on 'heightened alert'


British banks are bracing themselves for Russian cyber attacks, with the boss of Lloyds saying the business is on a ‘heightened alert’.

Steps are being taken over fears Vladimir Putin will unleash his criminal network of hackers on the UK following his invasion of Ukraine this morning. 

Preparation for potential attacks was discussed in a meeting between the government and banking industry leaders yesterday, Lloyds chief executive Charlie Nunn said.

He added that the firm was on ‘heightened alert … internally around our cyber risk controls and we’ve been focused on this for quite a while’.

Guidance issued to UK businesses by National Cyber Security Centre

Here is a series of actions recommended by officials at GCHQ’s National Cyber Security Centre:

  • Check your system patching: Ensure your users’ desktops, laptops and mobile devices are all patched, including third party software such as browsers and office productivity suites. If possible, turn on automatic updates.
  • Verify access controls: Ask staff to ensure that their passwords are unique to your business systems and are not shared across other, non-business systems.
  • Ensure defences are working: Ensure antivirus software is installed and regularly confirm that it is active on all systems and that signatures are updating correctly.
  • Logging and monitoring: Understand what logging you have in place, where logs are stored and for how long logs are retained. Monitor key logs and at a minimum monitor antivirus logs. If possible, ensure that your logs are kept for at least one month.
  • Review your backups: Confirm that your backups are running correctly. Perform test restorations from your backups to ensure that the restoration process is understood and familiar.
  • Incident plan: Ensure that the incident response plan contains clarity on who has the authority to make key decisions, especially out of normal office hours.
  • Check your internet footprint: Check that records of your external internet-facing footprint are correct and up to date. This includes things like which IP addresses your systems use on the internet or which domain names belong to your organisation. 
  • Phishing response: Ensure that staff know how to report phishing emails. Ensure you have a process in place to deal with any reported phishing emails.
  • Third party access: If third party organisations have access to your IT networks or estate, make sure you have a comprehensive understanding of what level of privilege is extended into your systems, and to whom. 
  • NCSC services: Check your CiSP account works so you can access and share information about the threat with other organisations and see updates from the NCSC.
  • Brief your wider organisation: Ensure that other teams understand the situation and the heightened threat. Getting buy-in from the rest of the business is crucial in being able to complete the actions described here.

Earlier this week, GCHQ’s National Cyber Security Centre (NCSC) urged UK organisations to ‘bolster their online defences’ and warned that there has been an ‘historical pattern of cyber attacks on Ukraine with international consequences’.

Ukrainian banking and government websites were last week briefly knocked offline by a spate of distributed denial of service (DDoS) attacks which the US and Britain said were carried out by Russian military hackers – something the Russians denied. 

This prompted concerns that the same sort of attack could now be attempted in the UK.

DDoS attacks try to crash a website by bombarding it with superfluous requests at the same time – and this surge of simple requests overloads the servers, causing them to shut down. 

In order to leverage the number of requests necessary, hackers will often resort to botnets – networks of computers brought under their control with malware. 

Defence Secretary Ben Wallace also said the UK will launch retaliatory cyber attacks on Russia if it targets Britain’s computer networks, and that ‘offensive cyber capability’ was being developed from a base in North West England.

It comes after Home Secretary Priti Patel warned over the weekend that the UK Government expects to see ‘cyber attacks aimed at the West’, while NCSC chief executive Lindy Cameron told of a ‘heightened cyber threat’.

And in recent weeks the Financial Conduct Authority watchdog has written to the chief executives of UK banks warning them to brace for Russian-sponsored cyber attacks and to ensure their security systems are updated.  

It comes as Europe’s financial sector suffered heavy share price falls today, with U.S. banks set to follow suit, as it grappled to respond to Russia’s invasion of Ukraine.

Among initial measures, Allianz disclosed that it had frozen its Russian government bond exposure, while Deutsche Bank said it had contingency plans in place as U.S. and European officials warned of further sanctions on Russia.

Shares of leading banks plunged, with the banking sector down 7.3% in early afternoon, steeper than a 4.7% fall for the Euro Stoxx index.

Banks with significant operations in Russia were particularly hard hit. Austria’s Raiffeisen Bank International was down 18.7% while Societe Generale lost 10.8%, though it said its Russian unit Rosbank continued to operate normally.

Shares in UniCredit fell 10.7% and triggered an automatic trading suspension, though the lender said its Russia ‘exposures are highly covered’.

Top U.S. banks, including JPMorgan & Chase, Citigroup, Goldman Sachs, and Morgan Stanley, shed 3-5% in pre-market trade. That was a heavier fall than the broader market, where futures tracking the S&P were down 2.6%. 

European banks are the world’s most exposed to Russia – especially those in France, Italy and Spain, which far outstrip U.S. banks’ exposure, data from the Bank for International Settlements shows.

German regulator BaFin said it was keeping a watchful eye on the crisis.

What is a DDoS attack and how does it work? 

DDoS stands for Distributed Denial of Service, which is a form of cyber attack.

These attacks attempt to crash a website or online service by bombarding them with a torrent of superfluous requests at exactly the same time.

The surge of simple requests overloads the servers, causing them to shut down.

In order to leverage the number of requests necessary to crash a popular website or online service, hackers will often resort to botnets – networks of computers brought under their control with malware.

Malware is distributed by tricking users into inadvertently downloading software, typically by getting them to follow a link in an email or agree to download a corrupted file.

Last week, Ukrainian banking and government websites were briefly knocked offline by a spate of DDoS attacks which the US and Britain said were carried out by Russian military hackers. Russia rejected the allegations. 
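As an added illustration that is not part of the original article, the sketch below shows how a defender can spot the request surge described above in web server logs, and why the 'distributed' part matters: each botnet machine stays under a per-client limit, so only the combined total gives the attack away. The function names, thresholds and sample traffic are assumptions constructed for this example.

```python
from collections import Counter, deque
from itertools import groupby

def detect_surges(events, window=10, total_limit=500, per_ip_limit=50):
    """Slide a `window`-second view over (timestamp, source_ip) events and
    report each second where total requests in the window exceed total_limit."""
    recent = deque()      # events currently inside the window, oldest first
    per_ip = Counter()    # request count per source inside the window
    alerts = []
    for ts, batch in groupby(sorted(events), key=lambda e: e[0]):
        for _, ip in batch:
            recent.append((ts, ip))
            per_ip[ip] += 1
        while recent and recent[0][0] <= ts - window:   # expire old events
            _, old_ip = recent.popleft()
            per_ip[old_ip] -= 1
            if per_ip[old_ip] == 0:
                del per_ip[old_ip]
        if len(recent) > total_limit:
            alerts.append({
                "ts": ts,
                "total": len(recent),
                "sources": len(per_ip),
                # sources that a per-client rate limit alone would have caught
                "over_per_ip_limit": sorted(
                    ip for ip, n in per_ip.items() if n > per_ip_limit),
            })
    return alerts

def constructed_sample():
    """Constructed traffic: 60 s of normal load, then 5 s of a distributed surge
    in which 200 sources each send one request per second."""
    events = [(t, f"198.51.100.{t % 5 + 1}") for t in range(60)]
    for t in range(60, 65):
        events += [(t, f"203.0.113.{bot}") for bot in range(200)]
    return events

if __name__ == "__main__":
    for alert in detect_surges(constructed_sample()):
        print(alert)
```
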

European Union leaders will impose new sanctions on Russia, freezing its assets, halting access of its banks to the European financial market and targeting ‘Kremlin interests’ over its ‘barbaric attack’ on Ukraine, senior officials said today.

But in what will be a relief to Europe’s banks, the European Union is unlikely at this stage to take steps to cut off Russia from the SWIFT global interbank payments system, several EU sources said.

Both Deutsche Bank and Allianz – two of Europe’s most important financial businesses and both with operations in Russia – said they were ready to comply with sanctions.

Allianz, one of the world’s biggest asset managers, said that the share of Russian government bonds in its portfolio was ‘currently very low’ and that it had recently implemented a freeze on those securities.

Deutsche Bank, like many lenders in recent years, has reduced its presence in Russia as sanctions on the country have expanded.

‘We have contingency plans in place,’ the bank said in a statement. A spokesperson declined to elaborate on the plans but said ‘risks are well contained’. 

While many bankers have played down the importance of Russia to their operations, the country is tightly linked to the European economy.

Russia is the European Union’s fifth-largest trading partner, with a 5% share of trade, data shows. U.S. trade with Russia is less than 1% of its total.

Some of the region’s top bankers have been more concerned about the potential secondary effects of the crisis.

The boss of HSBC, one of Europe’s largest banks, this week said that ‘wider contagion’ for global markets was a concern, even if the bank’s direct exposure was limited.

A number of Britain’s largest banks have also been approached for comment. 
