Financial

Russian banks continue to face onslaught of DDoS attacks

Since Tuesday, five Russian banks have been targeted in an ongoing attack. The campaign does not look to be caused by the Mirai botnet.

By Chris Bing

November 11, 2016

The Russian flag flies above Russian parliament. (Getty Images)

Hackers armed with botnets are launching an expansive and coordinated distributed denial of service campaign against a group of prominent Russian banks this week, security researchers tell CyberScoop. The attacks began on Tuesday and have continued since then.

Moscow-based Kaspersky, one of the world’s largest cybersecurity firms, are closely monitoring the events unfolding this week from the ground. More than five banks have been affected.

“Criminals often target financial institutions. The purpose may be different: black mail, or smoke screen to cover other attacks, or hacktivism,” said Kaspersky DDoS Prevention Group Manager Alexander Khalimonenko, “[so] we don’t know what the purpose of this campaign is.”

The attack began Nov. 8 at 4 p.m. MSK and it is still in progress. The longest attack within this campaign lasted for 12 hours. And the biggest single DDoS blast so far peaked at about 660,000 requests per second.

Roughly 24,000 computers located across 30 different countries were involved in the attack on the Russian banks. More than 50 percent of the infected computers are distributed between the U.S., India, Taiwan and Israel, Khalimonenko said.

A DDoS attack is powered by a network of infected, internet-connected devices that then send artificially-created access requests to a target domain. A flood of access requests can cause a website to crash or have its services disrupted.

“According to what we see, a Mirai-controlled botnet is not used in these attacks,” said Khalimonenko.

Conflicting, prior news reports have suggested that at least one of the botnets used to disrupt services in Russia included compromised smart devices like security cameras and internet-connected home appliances. But Khalimonenko said those stories are incorrect.

“We registered a first attack early [Tuesday] in the morning,” a representative from Russia’s Sberbank told RIA Novosti, “the next attack in the evening involved several waves, each of them was twice as powerful as the previous one. Bank’s cybersecurity noticed and located the attack in time. There have been no problems in client online services.”

It appears some of the affected banks — most of whom have yet to be publicly named — did not receive the same level of focus from the attackers.

Russian banks continue to face onslaught of DDoS attacks

More Like This

Proposed data broker regulations draw industry pushback on anonymized data exceptions, bulk thresholds

Treasury official: Small financial institutions have ‘growth to do’ in using AI against threats

Mandiant: Notorious Russian hacking unit linked to breach of Texas water facility

Top Stories

Iranian nationals charged with hacking U.S. companies, Treasury and State departments

CISA ransomware warning program set to fully launch by end of 2024

FCC wants rules for ‘most important part of the internet you’ve probably never heard of’

More Scoops

Largest-ever DDoS leverages zero-day vulnerability

Cloudflare reports ‘alarming surge’ in DDoS sophistication, escalation in recent months

GitHub disables pro-Russian hacktivist DDoS pages

Taiwanese government sites hit with DDoS attacks ahead of Pelosi’s visit

Pro-Russian cybercriminals briefly DDoS Congress.gov

FBI seizes domains tied to stolen records, DDoS services

Putin’s government lists IPs and domains allegedly aiming DDoS traffic at Russia

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics