5 major Russian banks repel massive DDoS attack
At least five Russian major banks came under a continuous hacker attack, although online client services were not disrupted. The attack came from a wide-scale botnet involving at least 24,000 computers, located in 30 countries.
The attack began Tuesday afternoon, and continued for two days straight, according to a source close to Russia’s Central Bank quoted by RIA Novosti. Sberbank confirmed the DDoS attack on its online services.
“The attacks are conducted from botnets, consisting of tens of thousands computers, which are located in tens of countries,” Sberbank’s press service told RIA.
The initial attack was rather massive and its power intensified over the course of the day.
“We registered a first attack early in the morning ... the next attack in the evening involved several waves, each of them was twice as powerful as the previous one. Bank’s cybersecurity noticed and located the attack in time. There have been no problems in client online services,” Sberbank representative said.
Alfabank has also confirmed the fact of the attack, but called it a “weak” one.
“There was an attack, but it was relatively weak. It did not affect Alfabank’s business systems in any way,” the bank told RIA Novosti.
According to Russian computer security company Kaspersky Lab, more than a half of the botnet devices were situated in the US, India, Taiwan and Israel, while the attack came from 30 countries. Each wave of attack lasted for at least one hour, while the longest one went on for 12 hours straight. The power of the attacks peaked at 660 thousands of requests per second. Some of the banks were attacked repeatedly.
“Such attacks are complex, and almost cannot be repelled by standard means used by internet providers,” the news agency quoted Kaspersky Lab’s statement as saying.
This botnet with 145607 cameras/dvr (1-30Mbps per IP) is able to send >1.5Tbps DDoS. Type: tcp/ack, tcp/ack+psh, tcp/syn.
— Octave Klaba / Oles (@olesovhcom) 23 сентября 2016 г.
According to a source in Central Bank, the botnet behind the attack consists not only of computers, but also of the so-called Internet of Things (IoT) devices. Computer security experts note, that various devices ranging from CCTV cameras to microwaves, are prone to hacking and pose a significant threat when assembled into a botnet. Owners of such devices underestimate the risks and often do not even bother to change a default password. A massive botnet, able to send more than 1.5Tbps and consisting of almost 150 thousands of CCTV cameras has been reportedly uncovered in September.
According to Kaspersky Lab, it was the first massive attack on Russian banks this year. The previous attack of such a scale came in October 2015, when eight major banks were affected.