The information security team at Sberbank, Russia’s largest bank and one of the most important financial institutions in Europe has just repelled a denial-of-service (DoS) attack targeting its networks; according to the bank’s report, this was the largest DoS attack attempt ever registered.
The attack attempt was carried out using
millions of hacked Internet
of Things (IoT) devices, Stanislav Kuznetsov, a Sberbank official, said
during the World Economic Forum in Davos.
Kuznetsov claims that the attack took place
during the first days of the year, although the institution has a defense
protocol against such incidents since 2019, when a first attempt of attack using
resources much less advanced were detected on corporate networks: “Last
fall we detected signs of anomalous activity in our networks, so we began to
prepare against a potential attack. Our experts say this attempted attack was
about 30 times more powerful than conventional DoS attacks.”
The bank’s information security team claims
that the attack had no consequence on its systems, besides, after stopping the
incident, bank officials notified police and stated they were willing to
cooperate in the investigation. The method used by hackers, their country of
origin, or the tactics used by the bank to repel the attack are still unknown.
Information security specialists say the number
of IoT devices already triples the number of inhabitants worldwide. In addition
to this, their weak security features make them attractive targets for hackers,
who compromise these devices to integrate huge botnets used in attacks like
this one. Moreover, the International Institute of Cyber Security (IICS) states
that within five years the number of active IoT devices in the world will be
five times the number of inhabitants on earth. Forecasts regarding the use of
IoT devices are pessimistic, so it is urgent that manufacturers start designing
better strategies for the security and maintenance of these equipments.