RegionsBalticsCyber attackers target five Russian banks

Cyber attackers target five Russian banks

The DDoS attack continued over two days and is among the biggest ever aimed against Russian banks.

At least five of Russia’s banks, including state-owned Sberbank and Alfabank, have been targeted in a distributed denial of service (DDoS) cyberattack, according to a source close to the Russian Central Bank and quoted by new agency RIA Novosti.

The intermittent cyberattacks were powered by compromised Internet of Things (IoT) devices. They began with data floods that deluged the banks’ websites on November 8 and continued intermittently for two days.

Reports suggest that there were similarities in the latest attacks to one launched on October 21 against the domain name system (DNS) services supplier Dyn, which was enabled by an IoT botnet using the Mirai malware code.

Cybersecurity firm Kaspersky Lab said that the attacks were among the largest it had seen aimed at Russian banks. It reported that the data deluges typically continued for about 60 minutes, but the most persistent attack was maintained for almost 12 hours. Devices in the US, India, Taiwan and Israel were all used in the attack.

Sberbank confirmed that it had been targeted, but said that it was able to neutralise the attack without affecting the ongoing operation of its website. It added that it had already suffered 68 similar attacks to date this year and the latest ranked among the biggest. A previous major DDoS attack in October 2015 targeted eight Russian banks.

“The attacks are conducted from botnets, consisting of tens of thousands of computers, which are located in tens of countries,” a Sberbank representative told RIA. “The initial attack was rather massive and its power intensified over the course of the day.

“We registered a first attack early in the morning; the next attack in the evening involved several waves, each of them was twice as powerful as the previous one. The bank’s cybersecurity noticed and located the attack in time. There have been no problems in client online services.”

John Madelin, chief executive officer (CEO) of London-based global cyber security specialist RelianceACSN commented: “The issue here is that manufacturers continue to make devices without paying attention to security, and consumers haven’t yet realised that basic password hygiene is incredibly important in a connected age.

“There should be a zero-tolerance mentality for simple security errors like these. The botnets we have seen in recent high-profile attacks were and are still publicly available, so until we take collective action on this issue attacks like this will continue to occur.

“We don’t know the motivation behind this attack, but banks are usually targeted because of the value of the data and cash they contain. They must be especially vigilant when protecting their critical data and ensure they have round-the-clock, real-time coverage.

“Financial services organisations, especially, should be sharing security information. As long as attackers can get into one bank they will keep trying to get into others.”

Related Articles

The Challenge of Integrating Worldwide Subsidiaries into one TMS

Baltics The Challenge of Integrating Worldwide Subsidiaries into one TMS

5m BELLIN
Five measures to protect against ransomware attacks

Baltics Five measures to protect against ransomware attacks

12m Mike Gillespie
Cybercriminals turn their attention to retail

Baltics Cybercriminals turn their attention to retail

12m Graham Buck
Leadership changes pose geopolitical risk, says Marsh

Africa Leadership changes pose geopolitical risk, says Marsh

1y Graham Buck
Is Russia warming to bitcoin?

Baltics Is Russia warming to bitcoin?

1y Graham Buck
Banks accused of handling laundered Russian money

Baltics Banks accused of handling laundered Russian money

1y Graham Buck
Russians’ credit health ends long decline

Baltics Russians’ credit health ends long decline

2y Graham Buck
Nordea, DNB to merge Baltic operations

Baltics Nordea, DNB to merge Baltic operations

2y Graham Buck