US warns of potential Russian cyberattacks on wealth managers

The fallout from Russia’s invasion of Ukraine is hitting the advice industry as government agencies warned wealth managers last week to protect themselves and their clients against increased attacks.

U.S. officials have already blamed Russia for at least two rounds of attacks on Ukrainian websites in February — the largest in the country’s history — and have alerted American financial institutions to be on the lookout for increased cyber activity.

The Department of Homeland Security has set up a page specifically warning of cyberattacks emanating from Russia, and both the Securities and Exchange Commission and the Financial Industry Regulatory Authority Inc. echoed those concerns in notices to the public.

“While there are not currently any specific credible threats to the U.S. homeland, we are mindful of the potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine,” DHS’ Cybersecurity and Infrastructure Security Agency said in the letter.

The notice “recommends all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets,” and offered specific actions that can reduce vulnerabilities and heighten readiness, found here.

While ensuring cybersecurity obligations are met, Finra also reminded advisers to be vigilant about the new sanctions the U.S. government has imposed on Russia, which could complicate compliance issues. The notice highlighted five major Russian financial institutions, as well as named “Russian elites close to Russian President Vladimir Putin,” that are now targets of the Treasury’s Office of Foreign Assets Control following an executive order from the White House.

“The U.S. government has imposed sanctions in response to Russia’s actions in Ukraine,” the agency said in the alert. “Finra encourages member firms to continue to monitor the Department of Treasury’s Office of Foreign Asset Control website for relevant information.”

Wealth managers make attractive targets for foreign hackers because of the publicly available records of assets under management, which hackers could potentially interpret as an ability to pay a hefty ransom. Wealth managers also hold some of the most sensitive client data directly connected to financial information — a potential gold mine for cybercriminals. 

“Most hackers are highly skilled computer scientists and not well versed in economic or financial systems,” said John O’Connell, CEO and founder of cybersecurity consulting firm The Oasis Group. “When a hacker looks at even a moderate-sized firm with billions in assets, they’re going to think that firm is making a ton of money.”

Ransomware attacks — a type of attack in which cybercriminals gain access to files and hold them until a ransom is paid — are on the rise. Attacks in the U.S. quadrupled in 2020, with three-quarters of the victims being small businesses, according to DHS.

The cybersecurity industry has seen a pickup in investor interest following Russia’s invasion of Ukraine, which has organizations preparing for possible cyberattacks. Shares of cybersecurity software companies rose this week, according to Bloomberg, with analysts expecting higher spending on security-related services as businesses and companies brace for war.

“Clients are now asking advisers, ‘How are you protecting my money, my information and my wealth?’” said Michael Hallett, CEO of cybersecurity provider CleverDome.

“Wealth management is part of the financial infrastructure of this country and needs to be protected,” Hallett said. “It’s a critical issue today.”

Work from home orders have also played a role in the increase in ransomware attacks, as employees work off free WiFi from their local coffee shop or from home on a network that isn’t entirely secure. 

“We’re in a digital war zone,” Hallett said. “Mobile apps are almost always connected to the internet. That’s inherently insecure.”

Ransomware attacks, however, can take weeks or months to unfold; potential hackers from foreign countries could likely strike much more quickly.

“The more concerning options are destructive attacks like you’re seeing in the Ukraine,” O’Connell said.

Destructive malware, for example, can enter a computer and randomly delete information or rewrite hard drives to effectively shut down the system, and it can do so within hours. These attacks have the potential to wipe out all of a client’s information and documentation in an account, like personal financial data, signed approval documents, performance reports and more.

“Imagine they got into your client accounts and just started randomly deleting files,” O’Connell said. “The good Lord himself couldn’t get that data back.”

There is also a massive risk of reputational damage for a firm that gets hacked, especially if personal information is copied by hackers, deleted from the firm’s servers and then made public.

“For a wealth management firm, that would be debilitating, and that’s probably an understatement,” O’Connell said.

Related Topics: CleverDome, Department of Homeland Security, The Oasis Group, Treasury Department