Posted on November 18, 2022 at 7:41 PM
Russian brokerage firms were arguably the targets of the most powerful DDoS attacks in history, according to a recent report by StormWall. The attacks caused technical issues on their websites and deprived users of any access to their services for several hours.
The company’s security experts noted that in the past there were only a few documented cases of cyber attacks on brokers, most of them aimed at extortion. This time, however, several companies were hit by very strong attacks at the same time. Those affected include Finam and Otkrytie Investments, as well as BCS.
The Attackers Could Be Politically Motivated
The analysts also believe that the attacks were politically motivated. The Telegram channel of the Ukrainian IT Army had earlier called for such attacks. The IT Army has also grown and expanded its membership, with more than 200,000 members registered with the group. It was formed in the early phase of the Russia-Ukraine war to combat Russian threat actors and defend Ukrainian infrastructure facilities under attack. The group comprises hacktivists from different locations around the world, including the U.S., the U.K., and Europe.
The researchers stated that the attacks most likely lasted for up to seven hours, but some even lasted for more than 10 years. The peak of the attacks came at the end of October 2022.
StormWall reported that the attacks caused severe damage to some of the affected entities. The attacks also damaged major services of the brokerage companies. Users could not use brokerage services, and there were several technical crashes in personal accounts. Most of the affected websites were also unavailable for several hours.
However, some of the targeted brokerage firms managed to avoid serious consequences because of the use of modern DDoS-attack protection systems.
A DDoS (distributed denial-of-service) attack is used to disrupt the network of a targeted company by flooding its web servers with requests at the same time.
Generally, web servers are limited in the number of requests they can serve at the same time. There are also bandwidth limitations on the channels that are connected to the servers. In a DDoS attack, the threat actors try to send an overwhelming number of requests that are far higher than what the targeted server can handle. This can lead to misbehavior on the part of the targeted facility or a total shutdown of the channel. Such an incident is what is usually referred to as a denial-of-service (DoS).
Russian Banks Are Targets of the IT Army of Ukraine
In a related development, the Ukraine IT Army group has claimed to have stolen 27,000 files from the Russian central bank.
The hacktivist group stated on Thursday that the files contain 2.6 gigabytes of data, and have been made available on the Telegram accounts of Ukraine’s minister of digital transformation, Mykhailo Fedorov.
Fedorov stated that the group has a lot of important information about specialized automated banking systems, their KPI systems, principles of their interaction, and their output files, as well as other materials that circulate in the bank’s networks. According to the information, the IT Army accessed data of military personnel, details of financial transactions of the Russian Ministry of Defense, and other important details such as card numbers and phone numbers.
However, the Russian state-owned news agency Tass denied the claim, stating that the Bank of Russia did not witness any attack. The news agency added that the allegedly stolen files have been available online. The IT Army also claimed that it disrupted the payment processing of Alfa Bank, which is a privately held financial institution in Moscow.
Forbes Russia recently reported that clients in Russia’s Alfa Bank of Investment were not able to access their portfolios.
The War In Cyberspace Continues For Russia and Ukraine
The cyber war between Russia and Ukraine has been ongoing since February, when the political war between the two countries heated up. Since the invasion, cyberspace has become a proxy zone for conflict, although on a much smaller scale than was initially expected.
In August, the CyberPeace Institute reported that since the war started in Ukraine, Russia has suffered 102 attacks while Ukraine has been hit 114 times. As the political battles continue on the physical battlefield, cyberspace is also busy with a series of attacks and counter-attacks from supporters of both countries.