Cyber attackers target five Russian banks

At least five of Russia’s banks, including state-owned Sberbank and Alfabank, have been targeted in a distributed denial of service (DDoS) cyberattack, according to a source close to the Russian Central Bank quoted by news agency RIA Novosti.

The intermittent cyberattacks were powered by compromised Internet of Things (IoT) devices. They began with data floods that deluged the banks’ websites on November 8 and continued intermittently for two days.

Reports suggest that there were similarities in the latest attacks to one launched on October 21 against the domain name system (DNS) services supplier Dyn, which was enabled by an IoT botnet using the Mirai malware code.

Cybersecurity firm Kaspersky Lab said that the attacks were among the largest it had seen aimed at Russian banks. It reported that the data deluges typically continued for about 60 minutes, but the most persistent attack was maintained for almost 12 hours. Devices in the US, India, Taiwan and Israel were all used in the attack.

Sberbank confirmed that it had been targeted, but said that it was able to neutralise the attack without affecting the ongoing operation of its website. It added that it had already suffered 68 similar attacks to date this year and the latest ranked among the biggest. A previous major DDoS attack in October 2015 targeted eight Russian banks.

“The attacks are conducted from botnets, consisting of tens of thousands of computers, which are located in tens of countries,” a Sberbank representative told RIA. “The initial attack was rather massive and its power intensified over the course of the day.

“We registered a first attack early in the morning; the next attack in the evening involved several waves, each of them was twice as powerful as the previous one. The bank’s cybersecurity noticed and located the attack in time. There have been no problems in client online services.”

John Madelin, chief executive officer (CEO) of London-based global cyber security specialist RelianceACSN, commented: “The issue here is that manufacturers continue to make devices without paying attention to security, and consumers haven’t yet realised that basic password hygiene is incredibly important in a connected age.

“There should be a zero-tolerance mentality for simple security errors like these. The botnets we have seen in recent high-profile attacks were and are still publicly available, so until we take collective action on this issue attacks like this will continue to occur.

“We don’t know the motivation behind this attack, but banks are usually targeted because of the value of the data and cash they contain. They must be especially vigilant when protecting their critical data and ensure they have round-the-clock, real-time coverage.

“Financial services organisations, especially, should be sharing security information. As long as attackers can get into one bank they will keep trying to get into others.”

