Market News

By Sanne Wass

(Bloomberg) -- Cyber attacks against Nordic banks, likely perpetrated by Russia-linked hackers, pose the biggest threat to financial stability in the region, a top Danish central bank official said.

Financial institutions should be prepared for an “arms race” with cybercriminals, Ulrik Nodgaard, the new deputy governor at the Danish central bank, said in an interview in Copenhagen. His comments come as websites of lenders including Nordea Bank Abp, the largest in the region, have been disrupted on a daily basis for weeks.

“This has become a more real threat,” Nodgaard said, adding that “even stronger and more far-reaching” cyberwarfare isn’t ruled out. “These attacks are basically about creating frustration and uncertainty, and that has been successful.”

The incidents, drowning websites in extreme traffic, have gone from being “slightly annoying” to taking on “a more serious character,” said Nodgaard, who took the job in August. While experts and media have attributed the so-called Distributed Denial-of-Service, or DDoS attacks, to perpetrators affiliated with Russia, no senior official has so far publicly made such a link.

Asked whether he thinks the DDoS attacks come from Russia, he said: “Yes, the general assessment is that it seems likely.”

Nodgaard is one of two deputy governors at the Danish central bank, overseeing the payment system and financial stability. He joined the regulator from a role as head of the country’s banking lobby group, and previously headed up the Danish Financial Supervisory Authority.

Nordea has called a wave of DDoS attacks since September “unprecedented” in scale, intensity and duration — slowing its digital services or taking them offline. The Nordic banking industry, one of the most digitalized in the world, may potentially also face attacks where criminals succeed in hacking into an institution and shut it down for days, Nodgaard said.

Globally, DDoS attacks spiked in the third quarter of 2024, according to cyber security company Cloudflare, which said last month it mitigated almost 6 million such incidents in the quarter, a nearly 50% increase from the previous period. The financial services industry was the hardest hit, it added.

The Danish central bank has already been working with lenders on preventative cyber measures for some time, including facilitating knowledge-sharing and exercises where hackers are hired to expose gaps in banks’ resilience. But since Russia’s full-scale invasion of Ukraine, the focus has shifted slightly toward investing more into preparedness and recovery should larger disruptions happen, Nodgaard said.

“It’s about preparing for worst-case scenarios,” Nodgaard said. “We don’t expect anyone to come in and shut down a major Danish payment institution, but in the climate we’re in now, we have to invest and be prepared for that scenario.”

In one such move, the central bank has been working with lenders, card companies and retailers to extend the number of days that Danes can pay by card for groceries and medicine in shops if the internet or payment system shuts down. From next year, such offline retail payments will be possible for seven days for all cards issued in Denmark; today this is possible for only three days and not for all cards.

Authorities in other countries, Nodgaard said, have shown keen interest in the system as it avoids having to ask citizens in a largely cashless economy to stock notes and coins for a crisis situation.