Sberbank has withstood more than 600 cyber assaults since the onset of Russia’s special operation in Ukraine. This figure was shared by Stanislav Kuznetsov, the bank’s deputy chairman, during a working visit to Crimea. He emphasized the ongoing intensity of cyber threats that banks face on the global stage and the need for constant vigilance in a rapidly evolving digital landscape.
In the discussion, Kuznetsov noted that last year saw 124 DDoS incidents successfully repelled by Sberbank. He explained that the year began with high activity, yet there were no major cyber incidents to report so far. Looking ahead, he warned that the geopolitical climate makes a sharp drop in attacker activity unlikely, forecasting that malicious actors will continue to sharpen their skills and coordination, elevating the sophistication of their assaults throughout the year.
The executive highlighted a discernible trend toward targeting supply chains. He observed that adversaries rarely achieve meaningful success through direct, head-on confrontations and are increasingly aiming at Sber Group entities and their network of partners. This shift mirrors a broader pattern in which attackers attempt to exploit dependencies and interconnected systems rather than attack single points outright.
Among the growing threats, Kuznetsov pointed to social engineering that enables phone fraud as a well-established tactic. He also warned that new technologies bring fresh risks, including the possible emergence of deepfakes. While such cases remain relatively rare due to the substantial resources required to prepare convincing fabrications, they represent a credible threat that requires proactive preparation and layered defense measures.
Artur Lyukmanov, formerly the head of the International Information Security Department at the Russian ministry of foreign affairs, remarked on the existence of thousands of call centers operating in Ukrainian territory that engage in extortion. He recalled that Western governments had previously been warned about the repercussions of the so-called IT army organized within the country, suggesting that the problem would extend beyond Russia to European nations as well. The broader point was that scammers do not confine their targets to residents of any single nation; ordinary people across borders can become victims in the right circumstances.
Law enforcement authorities have begun clarifying the operations of such call centers. Investigations point to locations in the Dnieper and Zaporozhye regions, where individuals are recruited through local acquaintances to carry out fraudulent activities. The discussions reinforce the reality that cybercrime infrastructure can be highly distributed, relying on social networks and regional networks to orchestrate attacks and intimidation.
Analysts continue to stress the importance of recognizing evolving attacker playbooks and staying prepared against an expanding array of threats. The security posture of financial institutions requires continuous adaptation, combining robust technical controls with human-centered awareness and global collaboration to mitigate the impact of these criminal activities. It remains essential for organizations to invest in threat intelligence, incident response capabilities, and cross-border cooperation to reduce risk across the digital ecosystem.