Big banks fear that Swift faces a growing threat of Russian cyber attacks after seven of the country’s lenders were kicked off the global payments messaging system over the weekend.
VTB, Russia’s second-biggest bank, and Promsvyazbank, which finances Russia’s war machine, were among the lenders removed on Saturday from Swift as part of the west’s sanctions campaign against Moscow in response to its invasion of Ukraine.
Senior executives responsible for cyber security at several banks told the Financial Times that the threat to Swift, which enables banks to send trillions in payments across borders every day, could escalate if more Russia’s lenders are expelled from the system.
Sberbank, Russia’s biggest bank, and Gazprombank have so far been kept on Swift as they facilitate much of the west’s payments for Russian oil and gas.
The executives are concerned that Swift could be a more attractive target than individual banks as it is a pinch point in the global financial network.
“There are lots of concerns about Swift,” said a financial regulator that supervises some of the banks. “Banks seem to be comfortable with their own cyber security levels, but a hit to Swift would be very detrimental to the whole banking system.”
Although banks have become increasingly concerned about Swift as a potential target, so far Russia’s cyber attacks have targeted only Ukrainian government departments and infrastructure.
Executives with oversight of cyber defence within their banks told the FT they had put their teams on alert for potential reprisal attacks.
Swift plays a crucial role in global banking, with more than 11,000 financial institutions using the system, which facilitates trillions of dollars worth of transactions every day.
“During warfare, it’s the most effective place to hit — it’s the nucleus of the global banking system, the node that connects everything,” said one senior bank executive.
An executive overseeing cyber security at another lender said the threat level from Russian attacks had “risen considerably” in recent weeks.
“We model for cyber attacks on institutions like the Fed, but we think a hit on Swift is more likely in retaliation for Russian banks being kicked off it,” he added. “That would have huge consequences for the global banking network.”
Swift, a Brussels-based organisation that is owned by its members and overseen by the G10 central banks, has previously reported attacks on its network by cyber criminals.
In 2016, hackers robbed $81mn from the Bangladesh central bank in one of the biggest bank heists in history through exploiting vulnerabilities in other banks on Swift. The hackers used malware to impersonate other banks on the system and send payment requests.
Analysts said the tactics resembled those used by hackers targeting Sony Pictures Entertainment in 2014, which the FBI blamed on North Korea.
In response, Swift started a new regime of mandatory controls for member banks and stepped up its monitoring of them.
It also launched a programme to help its members improve their cyber defences and share information on attacks with each other to protect the network.
In a statement, Swift said that all its services were operating as normal.
“Swift takes security very seriously and we have a strong control environment in place for physical and cyber security,” it added. “Like banks, market infrastructures and other financial institutions, we continuously monitor the threat landscape and adapt responses accordingly.”