Dangerous adversaries are targeting critical financial infrastructure

By Doron Tamir

One of the most neglected strategic cyber threats existing today is the ability of attackers to target financial systems, central banks, stock exchanges, and financial clients.

The Russia-Ukraine war has served as an urgent reminder of this developing capability. Russia has said that it will target the West’s economic assets in response to Western sanctions on Kremlin-connected individuals and oligarchs.

When it comes to the cyber realm, there are three ways that attackers can do this.

The first involves the advanced persistent threat model, which can be used to strike targets such as a country’s central bank or stock exchange.

As of yet, no stock market has collapsed, but such attacks could prove exceedingly destructive in the future due to the role played by stock exchanges as central financial pillars.

According to media reports, Russia created a list of hostile threats and prioritized them – this could form a list of future cyber strikes. Countries in Western Europe, led by Germany, as well as in the East (Poland, the Baltic States, Estonia and Finland), are prominent on the list.

Russia could be planning a major cyberattack against banking systems in these countries.

To build up such offensive cyber capabilities, Russia is boosting its cyber strike systems, while also recruiting as many people as possible to assault Western banking and military digital networks, a lesson it has learned from past failures.

These developments mean that banks, stock exchanges, and civilian finances must today be considered as strategic and essential infrastructures.

If a stock exchange in a country that relies on it fails, trade and the economy will greatly suffer, potentially resulting in billions of dollars in losses.

Cyber attackers can reach stock exchanges through ‘back door’ access – via large and small banking online systems.

Another way to achieve such damage is through social engineering attacks, which involve manipulating people into allowing harmful actors access to online systems.

Phishing is another way to achieve this, targeting not only those who work at financial organizations but also their customers. Everyone needs to learn how to identify false requests for information or attempts to get hold of account information.

Many have fallen for such traps already. In order to reduce risks, many banks today encourage customers to access their accounts through mobile applications. This makes the attacker's job more difficult, but it does not entirely defend against the threat.

Banks in Singapore, for example, offer a good model of how to build active defenses. Banks in the east Asian country were compelled by the government to create backups of their customers' accounts to prepare for the event of a cyber-attack.

That’s because in the event of such attacks, all banks, digital payments, and credit card use can be suspended, much like pulling the plug out of the socket. If backup systems are in place, financial losses during such an incident will be low, assuming the assault is identified immediately. 

Among the other safety measures put in place by Singapore is a limit of 5,000 dollars on electronic transactions made without two-factor authentication by clients.

Credit card transactions are limited to 5,000 dollars under the new safety measures, and banks must seek client approval twice before responding to inquiries. The banks are also required to coordinate their activity with an anti-fraud center.

These steps should serve as a model for the world.

Hundreds of millions of dollars or even billions could be at stake. Cyber attacks can paralyze massive clearance processes that require vast sums to be transferred by a specific time. Any disturbance of this system can inflict enormous damage.

An adequate cyber-attack detection system can freeze processes as soon as an alert is sounded, preventing ransom attacks as well as making them unprofitable for attackers.

Russia, for its part, has been sorely disappointed with the outcome of its cyber strikes on Ukraine, but it has no intention of abandoning this project. Russia is determined to exact revenge and achieve a “victory image.” In that context, it wishes to show the West, particularly Germany, that a price will be paid for its “treachery” against Russia.

Russia serves as a source of inspiration for Israel's adversaries and Israel has already experienced similar attempts to strike its financial system. Hackers from Malaysia launched cyber assaults in recent months targeting Israeli financial systems, though these were distributed denial of service type attacks that caused minor disruption.

They did, however, demonstrate how a few hundred hackers can band together and launch coordinated attacks against a single target. Israel’s defensive systems were good enough in this case to repel the incident. Nevertheless, the attack serves as a cautionary tale.

Every time there is an escalation in the Israeli-Palestinian conflict or any circumstance in which antagonism toward Israel spreads across parts of the Islamic world, cyber-attacks are launched against various Israeli civilian, government and military networks. 

Defacement-type incidents do not pose a severe risk. However, the infiltration of CCTV cameras in Jerusalem by Iranian hackers and the subsequent release of footage from a deadly November bus station bombing in the city was troubling and should have been prevented.

Israel must respond by beefing up defenses on all of its networks, including its central banking system, with the effort coordinated by its National Cyber Directorate.

These days, cyber defenders can also enjoy the added benefits of Artificial Intelligence, which is gradually taking increasing control over defenses of digital communications and network infrastructure. AI systems can learn on their own, issue recommendations, and prevent attacks, while investigating all aspects of hostile activity.

Israel became a major cyber power in part thanks to the Israeli government's investments in this field over the years. The time has now come for the Israeli government to make similar investments in AI development and to link this field to cyber defenses – the sooner the better.


Brigadier General Doron Tamir had a distinguished military career spanning over 2 decades in the Intelligence Corps and Special Forces, as the Chief Intelligence Officer in the Israeli military, where he commanded numerous military units in all aspects of the intelligence field, from signal, visual, and human intelligence, through technology and cyber, to combat and special operations.