Russia’s banking and financial services company Sberbank is being targeted in a wave of unprecedented hacker attacks. Earlier this month, the bank fought off the largest distributed denial-of-service (DDoS) attack in its history.
Sergei Lebed, vice president and director of cybersecurity at Sberbank, told the audience at the Positive Hack Days conference that thousands of internet users have been attacking the organization over the past months.
Sberbank is Russia’s largest financial company and the third-largest in Europe, with total assets of over $570 billion.
The entity was among the first to be sanctioned following the Russian invasion of Ukraine, and its operations on the European continent have been severely restricted as a result.
Hackers siding with Ukraine have had Sberbank in their crosshairs since the very beginning of the conflict in February. According to the bank, this activity hasn’t abated.
Massive attack waves
On May 6, 2022, Sberbank says it repelled the biggest DDoS attack it has ever seen, measured at 450GB/sec.
DDoS attacks are resource-depletion attacks that aim to make online services unavailable to customers, leading to business disruption and financial losses.
The malicious traffic that supported the attack against Sberbank’s main website was generated by a botnet with 27,000 compromised devices located in the United States, the U.K., Japan, and Taiwan.
As Lebed explained, the cybercriminals used various tactics to carry out this cyberattack, including code injections into advertising scripts, malicious Chrome extensions, and Docker containers weaponized with DDoS tools.
Lebed says they detected over 100,000 internet users attacking them in the past couple of months, while in March, they recorded 46 simultaneous DDoS attacks on different Sberbank services.
Many of these attacks exploited traffic on online streaming and movie theater sites, similar to a tactic employed by pro-Russian threat groups against key Ukrainian websites.
The web browsers of visitors to these compromised sites run specially crafted code, found in injected scripts, that generates many requests to specific URLs, in this case under Sberbank’s domain.
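How this browser-driven traffic can be spotted in a web server's access log, as an added defender-side example that is not from Sberbank or the original article: it groups requests by third-party Referer host and target path and flags pairs reached by many distinct clients. It assumes Combined Log Format logs; the function names, thresholds, hostnames and log lines are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined Log Format: ip - - [time] "METHOD target proto" status bytes "referer" "ua"
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "([^"]*)" "[^"]*"$')

def flag_referer_floods(lines, own_host, min_clients=20, min_requests=100):
    """Return (referer_host, path, requests, distinct_clients) tuples for
    third-party pages whose visitors collectively hit one URL many times."""
    hits, clients = defaultdict(int), defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of guessing fields
        ip, target, referer = m.groups()
        ref_host = (urlsplit(referer).hostname or "").lower()
        if not ref_host or ref_host == own_host or ref_host.endswith("." + own_host):
            continue  # direct hit or same-site navigation
        key = (ref_host, urlsplit(target).path)  # group regardless of query string
        hits[key] += 1
        clients[key].add(ip)
    flagged = [(h, p, hits[h, p], len(clients[h, p])) for (h, p) in hits
               if hits[h, p] >= min_requests and len(clients[h, p]) >= min_clients]
    return sorted(flagged, key=lambda row: row[2], reverse=True)

def build_sample_log():
    """Constructed log lines; every host and address is a placeholder."""
    fmt = ('{ip} - - [01/Jan/2022:10:00:00 +0000] "GET {target} HTTP/1.1" '
           '200 512 "{ref}" "Mozilla/5.0"')
    lines = []
    for c in range(1, 41):      # 40 visitors of a third-party site, 5 requests each
        for n in range(5):
            lines.append(fmt.format(ip=f"198.51.100.{c}", target=f"/login?x={n}",
                                    ref="https://movies.example/watch/1"))
    for c in range(1, 31):      # ordinary same-site navigation
        lines.append(fmt.format(ip=f"203.0.113.{c}", target="/login",
                                ref="https://bank.example/"))
    for c in range(1, 4):       # a few legitimate externally referred visits
        lines.append(fmt.format(ip=f"192.0.2.{c}", target="/about",
                                ref="https://news.example/article"))
    lines.append(fmt.format(ip="192.0.2.9", target="/", ref="-"))  # no referer
    return lines

if __name__ == "__main__":
    for row in flag_referer_floods(build_sample_log(), "bank.example"):
        print(row)
```

The Referer header can be suppressed by the embedding page's referrer policy, so a check like this is one signal to combine with per-URL rate and client-diversity baselines, not a complete detector.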
“Today, the bank faces cyberattacks around the clock. Sberbank’s Security Operation Center analyzes cyber threats 24/7 and promptly responds to them,” Sergei Lebed
“However, when it comes to companies in other sectors, most of them have never encountered anything like this before and may suffer damages,” warned Sberbank’s vice president.
DDoS attacks at this level are likely to continue as long as geopolitical tensions continue to create a polarizing environment, and, as Sberbank’s announcement concludes, they may go down in number but grow in power.
This is in line with what Radware reported yesterday: a 1.1 Tbps DDoS attack lasting 36 hours, signifying that threat actors are becoming far more capable even compared to last year.
Source: www.bleepingcomputer.com