According to Russian media, five banks in the country have been subject to a swathe of DDoS attacks over the past few days. The state-owned Sberbank was one of them, and Kaspersky Lab said in a statement that the attacks were among the largest it had seen aimed at Russian banks.
There are numerous theories flying around about why these attacks are happening, and it's important to mention they are unsubstantiated rumours at best, but Vice has a theory that it may have been happening due to "people who were dissatisfied with possible Russian intervention in the presidential elections in the United States."
Russian-speaking news website Meduza says this is, “only a "demonstration of the possibilities," and its causes are purely economic.”
The DDoS attacks began on 8 November, continuing intermittently; most of the attacks have only lasted roughly 60 minutes. The most persistent attack went on for almost 12 hours according to Kaspersky Lab.
At the peak of the biggest attacks, it reached 660,000 requests a second, for this reason, security experts believe the hackers carrying out these attacks are using a botnet of hacked Internet of Things devices.
A spokesperson for Sberbank told SCMagazineUK.com, "Sberbank announces that starting from the second half of the day on November 10, the Sberbank Online web resource was subject to a powerful multiple DDoS attack, which continued for several hours. The attack was successfully repelled by the Bank's security systems. There was a slight slowdown in providing the service, ranging from several seconds to a minute. The Bank did not identify any service failures as a result of the attack."
Paul McEvatt, senior cyber-threat intelligence manager at Fujitsu told SCMagazineUK.com: “This latest report revealing how five Russian banks have been hit by DDoS attacks indicates this was devices controlled by the Mirai ‘Internet of Things' botnet. To help shift this mindset and make securing internet connected devices easier for businesses, the Online Trust Alliance (OTA) has produced a framework in IoT security, offering guidance on how to secure embedded devices. This introduction of a kite mark standard for IoT devices is a progressive step towards ensuring safe practice is followed and that security of such devices against these types of hacks is at a premium. This is especially important for the financial sector which handles lots of sensitive data.”
According to a statement from Sberbank, the attacks have not had any effect on the bank's operations, highlighting that this attack was one of 68 DDoS attacks this year, but this was ranked one of the biggest it had ever seen.
The names of the other banks that were hit have not been released but all are believed to be among the 10 biggest in Russia.
According to the Corporate IT Security Risks 2016 study conducted by Kaspersky Lab and B2B International, a single DDoS attack can cost a company over US$1.6 million (£1.3 million), depending on how quickly the attack is detected.
Companies of various sizes affected by DDoS attacks over the last 12 months were asked what costs they incurred as a result. It turned out that the biggest expenses for medium and large companies (20 percent and 19 percent respectively) were caused by changes to their credit and insurance ratings, which is hardly surprising considering many DDoS attacks become public knowledge.
For small companies, the largest DDoS-related expenditure item was overtime payments to employees (17 percent). DDoS attacks are also cited as one of the top five threats that can force companies to hire new employees, with 37 percent of organisations that fell victim to such attacks planning to significantly increase their IT staff.
Other major DDoS-related costs included PR expenses to restore a company's reputation (nine percent), upgrading IT infrastructure and software (ten percent), staff training (ten percent) and customer compensation (12 percent). This can bring the average cost of a DDoS attack to about US$106,000 (£84 million) for smaller companies and more than US$1.6 million (£1.3 million) for enterprises. One important finding from the study was that if an attack is detected in the first 24 hours, the costs can be almost halved, compared to an attack detected over a day later.
“Our research demonstrates that DDoS attacks are one of the most expensive cyber-threats for companies. In fact, they are more expensive than a virus or a crypto-malware infection. Just one single DDoS attack can disable the online services for long periods of time, damage the company's reputation and deprive it of its current or future customers. There have been incidents where prolonged DDoS attacks have led to the bankruptcy and closure of successful online businesses. Proactive protection allows a company to quickly detect an ongoing DDoS attack and, in the case of a solution like Kaspersky DDoS Protection, assist in finding out as soon as an attack begins thanks to the DDoS Intelligence system, thereby warding off any potential risks,”says Alexey Kiselev, project manager on the Kaspersky DDoS Protection team.
John Madelin, CEO at RelianceACSN emailed SC to add, “We don't know the motivation behind this attack, but banks are usually targeted because of the value of the data and cash they contain. They must be especially vigilant when protecting their critical data and ensure they have round-the-clock, real-time coverage. Financial services organisations, especially, should be sharing security information. As long as attackers can get into one bank they will keep trying to get into others.”