Sberbank, Russia’s banking and financial services company, has been the target of unprecedented hacking attacks. The bank was hit by the largest distributed denial-of-service (DDoS) attack in its history earlier this month.
Thousands of internet users have been targeting Sberbank in recent months, according to Sergei Lebed, vice president and director of cybersecurity at Sberbank, who spoke to the audience at the Positive Hack Days conference.
Sberbank is Russia’s largest financial institution and Europe’s third largest, with total assets exceeding $570 billion.
Following Russia’s invasion of Ukraine, the entity was among the first to be sanctioned, and its operations on the European continent have been severely limited as a result.
Since the beginning of the crisis in February, hackers aligned with Ukraine have targeted Sberbank. This action, according to the bank, is continuing.
Waves of massive attacks
Sberbank claims to have repulsed the largest DDoS attack it has ever witnessed on May 6, 2022, with a rate of 450 GB/sec.
DDoS assaults deplete resources, making online services inaccessible to clients, causing business interruption and financial losses.
A botnet with 27,000 compromised devices in the United States, the United Kingdom, Japan, and Taiwan generated the malicious traffic that enabled the attack against Sberbank’s main website.
Cybercriminals employed a variety of strategies to carry out this cyberattack, including code injections into advertising scripts, malicious Chrome extensions, and Docker containers loaded with DDoS tools, according to Lebed.
According to Lebed, the bank has detected over 100,000 internet users targeting it in the last few months, with 46 simultaneous DDoS attempts on various Sberbank services reported in March.
Many of these attacks took advantage of online streaming and movie theater traffic, a strategy used by pro-Russian threat organizations against critical Ukrainian websites.
The injected scripts contain carefully constructed code that runs in visitors’ web browsers and generates a large number of requests to certain URLs, in this case under Sberbank’s domain.
“The bank is currently under constant cyberattack. Sberbank’s Security Operation Center monitors cyber threats around the clock and responds quickly,” said Sergei Lebed.
“However, most enterprises in other sectors have never seen anything like this before and may incur damages,” Sberbank’s vice president cautioned.
DDoS attacks of this magnitude are likely to persist as long as geopolitical tensions create a polarized atmosphere. As Sberbank’s announcement concludes, they may decrease in number but increase in power.
This is consistent with Radware’s research from yesterday, which detailed a 36-hour 1.1 Tbps DDoS attack, indicating that threat actors are becoming significantly more capable than they were last year.