A massive cyberattack has hit at least five of Russia’s largest banks, Moscow-based internet security giant Kaspersky said Thursday.
The country’s largest lender, state-controlled Sberbank, said it had been hacked into on Tuesday but managed to neutralise the attack automatically without disturbing its operations.
Kaspersky said in a statement that the distribution of denial attacks (DDoS) began Tuesday at 1300 GMT and targeted “the websites of at least five well-known financial institutions in the top 10” in Russia.
The attacks were still continuing on Thursday. Most lasted around one hour but the longest lasted almost 12 hours, Kaspersky said.
DDoS attacks involve flooding websites with more traffic than they can handle, making them difficult to access or taking them offline entirely.
These attacks saw as many as 660,000 requests being sent per second using a network of more than 24,000 hijacked devices located in 30 countries. More than half the devices were in the United States, India, Taiwan and Israel, Kaspersky said.
Contacted by AFP, Russia’s central bank confirmed that it had identified “attacks on a number of large banks,” describing their intensity as “medium” and saying they did not disrupt access to banking services.
It said the attacks used botnets made up of the “Internet of things”—electronic devices such as CCTV cameras or digital video recorders plugged in to offices and homes worldwide.
A senior executive at Sberbank, Stanislav Kuznetsov, told Interfax news agency that the bank had suffered 68 such attacks this year and that the latest was among the biggest.
Kaspersky said that DDoS attacks “have long been one of the most popular instruments used by criminals to attack businesses.”
Such attacks have grown more frequent in recent years with the development of online banking but also in the context of heightened tensions over the crisis in Ukraine with attackers targeting the sites of the Kremlin and NATO.
Most recently Washington accused Russia of using cyberattacks against the Democratic Party to attempt to disrupt this week’s presidential election.
Filed Under: Industry regulations + certifications