
DDoS attack on Sberbank, Alfa-Bank, Bank of Moscow, Rosbank and others

On Wednesday, November 9, a source close to the Central Bank reported that five large banks of the Russian Federation had been under DDoS attack since Tuesday.

The attacks began on Tuesday, November 8, around 16:00 Moscow time. Websites of at least five organizations from the TOP-10 of the Russian banking market were attacked.

The average duration of each attack was about an hour; the longest lasted almost 12 hours. Some banks were attacked repeatedly, with two to four attacks at short intervals. Attack power reached 660,000 requests per second. The attacks used a botnet of more than 24,000 machines. More than 50% of the devices in the botnet are in the United States, India, Taiwan and Israel. In total, machines from 30 countries took part in the attacks. And yes, this is a Mirai-based botnet. There is already a Wikipedia article about this botnet.


“The bank’s security systems worked reliably, the attack was promptly detected and localized by Sberbank’s cyber defense units,” Sberbank reports.

Alfa-Bank says that the DDoS attack was “fairly short-term and weak” and did not affect the operation of business systems.

“The Central Bank knows about these attacks. A botnet of the Internet of Things kind is taking part. The power is not very high. About five banks have been under attack since yesterday,” said the agency's source.

However, in addition to a source close to the Central Bank, there are other sources of information. So, in an article on http://motherboard.vice.com, the organizer of the attack explains that this was done at the request of customers who are annoyed by Russia's interference in the American elections.

The hacker, who calls himself vimproducts, claimed responsibility for cyber attacks on the websites of the Moscow Exchange, Bank of Moscow, Rosbank and Alfa-Bank. In addition, he tried to bring down the website of the Ministry of Economic Development of Russia.

Vimproducts did not specify how much such an attack cost, but said that he usually charges from $25 to $150 per day, depending on the site. For $150, he is ready to disable “protected or medium/large web sites. Of course, these attacks (on the resources of Russian banks) are more expensive.” The cybercriminal also tried to advertise his services: in particular, he asked Motherboard to place a link to his profile on the AlphaBay marketplace in the article, but the publication rejected the request.

It is also believed that some organizers of DDoS attacks use them as a red herring to hide another attack.

And I remind you that in September 2016, after publishing an article about groups that sell botnet services for DDoS attacks, the website of journalist Brian Krebs (some of whose investigations I translated here and here) became the victim of a DDoS attack.
After that, in October, the attackers published the source code of the malware used, which created the risk of uncontrolled repetition of the attacks by other attackers.

And these risks were confirmed: at the end of October there was a DDoS attack on the DNS provider Dyn, which caused failures in Twitter, CNN, Spotify, Reddit, The New York Times and many other popular sites. And now financial institutions are being DDoSed too. In general, you can read about the botnet here or here.



The last large-scale series of DDoS attacks on Russian banks (without the participation of this botnet) occurred in October 2015, when 8 well-known financial organizations were attacked. In total, from October 2015 to March 2016, the Central Bank recorded 21 cyber attacks on the payment systems of Russian financial organizations.

Based on: rbc.ru, motherboard.vice.com, vedomosti.ru

Source: https://habr.com/ru/post/314866/

