Posted on January 11, 2023 at 4:56 PM
The central bank of Denmark and seven private banks in the country have been targeted by a distributed denial of service (DDoS) attacks. These attacks happened during the week, and they disrupted the operations of these banking institutions.
Danish banks targeted by DDoS attacks
The Danish central banks and an IT company that operates in the country confirmed the DDoS attacks. A report by Reuters noted that the DDoS campaign did not only target the banks but also Bankdata, an IT solutions provider for the financial sector. DDoS attacks direct voluminous traffic to servers to take them offline.
Besides the Danish central bank, the DDoS attacks also targeted some of Denmark’s largest banks, including Jyske Bank and Sydbank. The Reuters report noted that a spokesperson from the central bank had confirmed that operations had been restored and that everything was working normally.
Moreover, the attack did not affect the other systems of the bank or the daily operations of the Danish central banker. However, it did affect the daily operations of the private banks, whose sites were restricted briefly on Tuesday following the attack on Bankdata.
On Tuesday, Sydbank posted an alert on its Facebook page saying that its website was down and access to it was limited. On the other hand, a spokesperson from Jyske confirmed that some of the bank’s customers had issues accessing its website.
Rising DDoS campaigns in the financial industry
DDoS campaigns are usually launched as part of ransomware attacks to compel the targeted institution into paying ransom so that their operations can return to normal. In some cases, they are launched as part of another hacking campaign. The financial services sector is one of the most delicate, which explains the rise in DDoS attacks in the industry.
According to Rick McElroy, a principal cybersecurity strategist at VMware, the recent DDoS attack targeting the Danish central bank and an IT company offering financial UIT solutions showed that the banking industry was a top target for cybercriminals.
“Our data shows nearly two out of three financial institutions have experienced an increase in destructive attacks aimed at destroying data and dismantling subnets in this sector,” McElroy said. A rise in the frequency of such attacks threatens to cripple the financial services industry.
The security expert has also said that the goal behind the latest DDoS campaign targeting the banking sector of Denmark seemed to be a disruption that would affect the daily operations of these financial institutions and the broader society, including the customers that relied on these banks for their daily activities.
McElroy noted that the financial industry was at risk of DDoS campaigns and other cybersecurity attacks, such as ransomware. The growing threat of these attacks meant that these institutions needed the right measures to avoid significant losses. This would be achieved by raising the cybersecurity budget for the industry by around 30%.
Amit Sharma, a security engineer with the Synopsys Software Integrity Group, aired the same thoughts. Sharma noted that financial service providers couldn’t protect themselves against DDoS attacks without the right defense mechanisms.
While speaking with Infosecurity, Sharma said that adopting professional solutions would be one of the best ways to prevent hackers from compromising internet traffic. These institutions also needed to figure out how they could become proactive and prevent such attacks.
While speaking to the publication, Sharma said that “The implementation of professional solutions can be one way forward but so is keeping an eye on the traffic that you own. Trend analysis of the traffic patterns, characteristic, and tendencies of shifts can be another proactive way to be cautious.”
Sharma also said that it was important that organizations have a backup plan in case their systems were compromised. A plan B was also needed to ensure that operations continued running smoothly in case of a breach. Taking such proactive measures would ensure that an organization’s operations were restored to normalcy in case of an incident.
The recent attack on the Danish central bank and IT company come amid a notable increase in DDoS attacks targeting organizations globally. Last year, several US states were victims of DDoS campaigns that temporarily affected their operations. The attacks were attributed to Russian threat actor groups. The groups also targeted other key US institutions, including the US Treasury.