At least five of Russia’s biggest banks have been hit by a series of massive distributed-denial-of-service (DDoS) attacks launched via a huge network of infected Internet of Things (IoT) devices.
The attacks, which are thought to have involved compromised connected objects in 30 countries, saw as many as 660,000 requests sent to the targeted financial institutions’ websites every second. In all, security experts estimate some 24,000 hijacked devices were used in the attacks.
“[We have documented] attacks on a number of major banks,” the Bank of Russia, the central bank of the Russian Federation, said in a statement. “The information was sent to the law enforcement authorities.”
According to internet security firm Kaspersky Lab, which said the DDoS strikes were the first of their kind aimed at Russian banks this year, over half of the devices used in the attacks were based in the US, Israel, Taiwan and India. Kaspersky said the longest lasted for almost 12 hours, but most typically went on for one hour.
Sberbank, Russia’s largest lender, said it was hit by a series of attacks of growing intensity on 8 November, but claims that its cyber security team was able neutralise them before they caused any disruption to customers.
An executive at Sberbank told the Interfax news agency the bank had repelled nearly 70 similar attacks over the course of the last 12 months. Earlier this year, Sberbank chief German Gref warned that the global cost of cyber attacks will double to $1 trillion by 2020.
“The attacks are conducted from botnets, consisting of tens of thousands computers, which are located in tens of countries,” read a statement from Sberbank. “We registered the first attack early in the morning… The next attack in the evening involved several waves, each of them was twice as powerful as the previous one. [Our] cyber-security [team] noticed and located the attack in time. There have been no problems in client online services.”
The DDoS attacks come weeks after the US said it would consider launching a retaliatory cyber strike against Russia after accusing Moscow of attempting to interfere in its recent presidential election. Vice president Joe Biden told NBC’s Meet the Press that the US would send Vladimir Putin a message at a time of the Obama admiration’s choosing, and that the Russian president would know it when this happened.
Last week’s attack on Russia’s banks is the latest in a recent string of DDoS strikes launched through tens of thousands of compromised IoT devices. In October, hackers used the Mirai botnet to take down internet backbone provider Dyn, which resulted in some of the biggest websites on the planet being taken offline.