A wave of DDoS attacks hit at least five Russian banks with prolonged DDoS attacks this week.
Among the victims of the DDoS attacks against the online banking services there are Sberbank and Alfabank banks.
The string of DDoS attacks began on Tuesday afternoon and lasted over two days.
“The attack began Tuesday afternoon, and continued for two days straight, according to a source close to Russia’s Central Bank quoted by RIA Novosti. Sberbank confirmed the DDoS attack on its online services.”
“The attacks are conducted from botnets, consisting of tens of thousands computers, which are located in tens of countries,”Sberbank’s press service told RIA.
According to an unnamed Russian Central Bank, official the attackers used a botnet of IoT devices, likely a Mirai botnet. The Mirai botnet is the same threat that targeted the Dyn DNS service causing the Internet outage for a large portion of the US netizens.
Both Sberbank and Alfabank have confirmed the DDoS attacks against their systems, but Alfabank downplayed the incident classifying the attack as a “weak” one.
“We registered a first attack early in the morning … the next attack in the evening involved several waves, each of them was twice as powerful as the previous one. Bank’s cybersecurity noticed and located the attack in time. There have been no problems in client online services,” Sberbank representative said.
“There was an attack, but it was relatively weak. It did not affect Alfabank’s business systems in any way,” the bank told RIA Novosti.
According to the experts from Kaspersky Lab, this is the first time that massive DDoS attacks hit Russian banks this year.
A previous string of DDoS attacks against banks was observed in October 2015.
(Security Affairs – DDoS attacks, Russia)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.