
Cyberwarfare Targets Ukraine’s Payment Infrastructure

Categories: Cash and Crises, Cash does not require a technology infrastructure, Cash generates security
February 10, 2022
Tags: ATMs, Cash and Crises, Cash Infrastructure, Cyberattacks, Ukraine
Tensions between Russia and the West raise the likelihood that Russian-sponsored cyberattacks will cripple Ukraine's computer systems, including payment networks.
Manuel A. Bautista-González

Ph.D. in U.S. History, Columbia University in the City of New York

Post-Doctoral Researcher in Global Correspondent Banking, 1870-2000 – Mexico and South America, University of Oxford


In recent years, state-sponsored hackers have attacked computer systems worldwide, including the cash and banking infrastructure. A Carnegie Endowment timeline of cyberattacks on financial infrastructure includes 13 cyber-incidents targeting ATMs between 2007 and 2021: seven involving nonstate actors (since 2008) and six involving state-sponsored actors (since 2013).

On January 16, amid tensions between Russia and the West on Ukraine, a cyberattack crippled Ukrainian computer systems. Computers showed the message “Be afraid and expect the worst” and demanded a ransom payment.

Dmitri Alperovitch, co-founder and former chief technology officer of cybersecurity firm CrowdStrike, aptly describes the threat in Foreign Affairs:

Russia could conduct psychological operations to sow confusion and doubt among the Ukrainian population, thereby eroding the public’s will to resist Russian aggression. Moscow could launch a cyberattack against Kyiv’s power grid, for instance, leaving millions of people without heat or electricity in the dead of Ukraine’s brutally cold winter. Or it could attack Ukraine’s financial system and make it difficult for civilians to buy groceries with a credit card or withdraw cash from an ATM.

The Next Frontier: Cyberwarfare

Russia is not alone in developing cyberweapons and engaging in cyberattacks. For years, several countries, including North Korea, Iran, China, Israel, and the United States, have expanded their cyberwarfare capabilities, probing each other’s vulnerabilities.

Experts believe Israel and the United States developed the Stuxnet virus that destroyed Iran’s uranium centrifuge in 2010, although neither took credit for the attack. According to Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers, by Andy Greenberg, had the Stuxnet virus failed, a more powerful cyberweapon called Nitro Zeus would have targeted the Iranian power grid, communications systems, and air defences.

In her review of Sandworm, Sue Halpern aptly describes how a cyberattack targeting critical infrastructure might cause devastating damage:

Had it been deployed, Nitro Zeus could have crippled the entire country with a cascading series of catastrophes: hospitals could not have been able to function, banks could have been shuttered and ATMs could have ceased to work, transportation could have come to a standstill. Without money, people might not have been able to buy food. Without a functioning supply chain, there would have been no food to buy. The many disaster scenarios that could have followed are not hard to imagine and can be summed up in just a few words: people would have died.

In August 2021, experts tasked by the United Nations advised member-states to secure the information and communications technology in critical infrastructure sectors such as “health care, […] energy, power generation, water and sanitation, education, commercial and financial services, transportation, telecommunications, and electoral processes.”

The Estonia 2007 attack

In 2007, after officials in Tallinn relocated a memorial to the Soviet Red Army, a cyberattack crippled Estonia’s business and government computer systems for 22 days. Attackers shut down the network of Hansabank, Estonia’s biggest bank, causing losses of $1 million. The BBC reported that “cash machines and online banking services were sporadically out of action.” Estonian officers suspected Russia was behind the attack but could not identify the culprits.

“If let’s say an airport or bank or state infrastructure is attacked by a missile it’s clear war, but if the same result is done by computers, then what do you call it? Is it a state of war? Those questions must be addressed,” said Madis Mikko, a spokesman at the Estonian Defense Ministry.

The NotPetya 2017 Attack on Ukraine

On June 27, 2017, hackers attacked Ukrainian computer systems with the malware NotPetya, in what Wired magazine called “the most devastating cyberattack in history.” The cyberattack targeted the popular and mandatory M.E.Doc tax preparation software, crippling private and state-run computer networks with a fake ransomware attack a day before a holiday celebrating Ukraine’s constitution.

The attack caused widespread collateral damage worldwide, hitting companies such as a FedEx subsidiary, the pharmaceutical company Merck, and the Danish container-shipping company A.P. Moller-Maersk, among others.

“If I had to guess, I would think this was done to send a political message […] You don’t hit the day before Constitution Day for no reason,” said Craig Williams, senior technical researcher at the Talos security division of Cisco, a computer networking firm.

NotPetya Shuts Down the Payments Infrastructure

The NotPetya attack hit government agencies, telecommunication companies, public utilities, and more than 22 banks, including the country’s central bank. NotPetya targeted banks’ servers and workstations, ATM control systems, SWIFT transfers, payment gateways and card processors.

Delay and Obfuscate

According to experts, Russian-backed hackers might be using fake ransomware attacks to hide their true intentions: destroying data or crippling computer systems managing critical infrastructure.
