CYBER THREATS OF THE BANKING SECTOR IN THE CONDITIONS OF THE WAR IN UKRAINE

Abstract

The article aims to determine the features of cyber-attacks and cyber threats to the banking sector under martial law in Ukraine. The global trends of cyber-attacks on the financial industry are analyzed, and the active use of SMS messages and e-mails with links or malicious code inside, active DDOS attacks, and attacks on the bank's infrastructure by attackers and cyber fraudsters are revealed. The legislation of Ukraine on cyber threats (including against critical infrastructure, which provides for banking institutions), the main types of attacks on the banking sector (Deepfakes, Zero Trust, phishing, DDoS, brute force, IDOR, XSS vulnerability, SQL injection, malware installation) and the analysis of public information on the chronology of the main cyber-attacks on the banking system of Ukraine during the war were studied. The study focused on the methods and types of penetration. Based on the analysis, a list of features of cyber threats to banks and their customers in the context of military aggression was formed, namely: the adaptability of the banking sector to the latest cyber threats; strengthening the responsibility of banks to the regulator, including financial; remote work of banking specialists, which generates an increase in the risk of human factor; rapid update of malware; psychological orientation of cyber-attacks. The ways to minimize cyber risks are identified, which include: the most rapid update of protective software systems, vulnerability scanning in the banking infrastructure, penetration tests, bug bounty programs, and the active use of elements of game theory as a generator of negative cyberattack scenarios.