Sberbank, Russia’s banking and financial services firm, has been the victim of unprecedented hacking attacks. Earlier this month, the bank was hit by the largest distributed denial-of-service (DDoS) attack in its history. Sergei Lebed, VP and director of cybersecurity at Sberbank, told the audience at the Positive Hack Days conference that thousands of internet users have been targeting Sberbank in recent months.
Sberbank is Russia’s most prominent financial institution and Europe’s third-largest, with total assets exceeding $570 billion. Following Russia’s invasion of Ukraine, the organization was among the first to be sanctioned, and its operations on the European continent have been severely limited as a result. Since the beginning of the crisis in February, hackers aligned with Ukraine have targeted Sberbank. According to the bank, this activity is continuing.
Sberbank claims that on May 6, 2022, it repelled the largest DDoS attack it has ever witnessed, at a rate of 450GB/sec. DDoS attacks deplete resources, making online services inaccessible to clients and causing business interruption and financial losses. A botnet with 27,000 infected devices in the United States, Japan, Taiwan, and the United Kingdom generated the malicious traffic that enabled the attack against Sberbank’s main website.
According to Lebed, cybercriminals employed various strategies to carry out this cyberattack, including code injections into advertising scripts, malicious Chrome extensions, and Docker containers loaded with DDoS tools. The bank has identified over 100,000 internet users hitting it in the last few months, with 46 simultaneous DDoS attempts on various Sberbank services reported in March.
These cyberattacks took advantage of internet streaming and movie theater traffic, a strategy used by pro-Russian threat organizations against critical Ukrainian websites. The injected scripts contain carefully constructed code that runs in visitors’ web browsers and generates many requests to specific URLs under Sberbank’s domain.
“However, when it comes to companies in other sectors, most of them have never encountered anything like this before and may suffer damages,” warned Sberbank’s vice president.
DDoS attacks of this magnitude are likely to persist as long as geopolitical tensions create a polarized atmosphere. As Sberbank’s announcement indicates, they may decrease in number but increase in power. This is in line with Radware’s report from yesterday, which detailed a 36-hour 1.1 Tbps DDoS attack, indicating that threat actors are becoming significantly more capable than last year.
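
As a defender-side illustration of the injected-script traffic described above, the following added example (not from Sberbank or the original article) scans web access logs for third-party pages whose visitors all request the same path. It assumes Combined Log Format and that browsers send a Referer header; the hostnames, thresholds and log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined Log Format: ip - - [time] "METHOD target PROTO" status size "referer" "ua"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def is_own_host(host, own_domain):
    """True when host is the protected domain or one of its subdomains."""
    return host == own_domain or host.endswith("." + own_domain)

def find_referer_floods(lines, own_domain, min_clients=3, min_requests=6):
    """Return [(referer_host, path, n_clients, n_requests)] for third-party
    pages that drive many distinct clients to the same path."""
    clients = defaultdict(set)
    requests = defaultdict(int)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # unparseable line: ignore rather than guess
        host = (urlsplit(m["referer"]).hostname or "").lower()
        if not host or is_own_host(host, own_domain):
            continue  # no Referer ("-") or same-site navigation
        # Group on the path only, so varying query strings still aggregate.
        key = (host, urlsplit(m["target"]).path)
        clients[key].add(m["ip"])
        requests[key] += 1
    hits = [(h, p, len(clients[(h, p)]), n) for (h, p), n in requests.items()
            if len(clients[(h, p)]) >= min_clients and n >= min_requests]
    return sorted(hits, key=lambda r: -r[3])

def _line(ip, target, referer):
    return (f'{ip} - - [01/Jan/2022:10:00:00 +0000] "GET {target} HTTP/1.1" '
            f'200 512 "{referer}" "Mozilla/5.0"')

# Constructed sample: four clients on one third-party page, plus normal traffic.
SAMPLE = (
    [_line(f"198.51.100.{i}", f"/search?q={i}{n}", "https://streaming.example/watch/7")
     for i in range(1, 5) for n in range(3)]
    + [_line("203.0.113.9", "/", "https://news.example/article"),
       _line("203.0.113.10", "/login", "https://bank.example/"),
       _line("203.0.113.11", "/", "-")]
)

if __name__ == "__main__":
    for row in find_referer_floods(SAMPLE, "bank.example"):
        print(row)
```

Pages served with a strict referrer policy send no Referer, so an empty result does not rule out this traffic pattern; per-path request-rate baselines cover that case.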