Hackers armed with botnets are launching an expansive and coordinated distributed denial of service campaign against a group of prominent Russian banks this week, security researchers tell CyberScoop. The attacks began on Tuesday and have continued since then.
Moscow-based Kaspersky, one of the world’s largest cybersecurity firms, is closely monitoring the events unfolding this week from the ground. More than five banks have been affected.
“Criminals often target financial institutions. The purpose may be different: blackmail, or smoke screen to cover other attacks, or hacktivism,” said Kaspersky DDoS Prevention Group Manager Alexander Khalimonenko, “[so] we don’t know what the purpose of this campaign is.”
The attack began Nov. 8 at 4 p.m. MSK and is still in progress. The longest attack within this campaign lasted for 12 hours, and the biggest single DDoS blast so far peaked at about 660,000 requests per second.
Roughly 24,000 computers located across 30 different countries were involved in the attack on the Russian banks. More than 50 percent of the infected computers are distributed between the U.S., India, Taiwan and Israel, Khalimonenko said.
A DDoS attack is powered by a network of infected, internet-connected devices that send artificially created access requests to a target domain. A flood of such requests can cause a website to crash or disrupt its services.
“According to what we see, a Mirai-controlled botnet is not used in these attacks,” said Khalimonenko.
Earlier, conflicting news reports have suggested that at least one of the botnets used to disrupt services in Russia included compromised smart devices like security cameras and internet-connected home appliances. But Khalimonenko said those stories are incorrect.
“We registered a first attack early [Tuesday] in the morning,” a representative from Russia’s Sberbank told RIA Novosti, “the next attack in the evening involved several waves, each of them was twice as powerful as the previous one. Bank’s cybersecurity noticed and located the attack in time. There have been no problems in client online services.”
It appears some of the affected banks — most of which have yet to be publicly named — did not receive the same level of focus from the attackers.