Posted on December 8, 2022 at 10:53 AM
Russia’s second-largest bank goes offline after a major DDoS attack
The number of malicious hacking attacks has been on a sharp rise throughout 2022. Research published by Nexusguard has shown that the number of DDoS attacks during the first half of 2022 increased by 75.6% compared to the second half of 2021. The research also suggests that the maximum attack size has dropped compared to the second half of 2021.
However, the attack that recently hit the second-largest bank in Russia, VTB Bank, was so severe that the bank reported that it was not only the biggest one it has experienced this year but the largest such attack in its history. The first signs of the attack were noticed on December 1st, and while there were complaints by the bank’s users, the bank originally tried to keep things quiet. As the service disruption became obvious to everyone, and the website and apps went down, it was forced to reveal the incident to the public, and make an official announcement.
What happened?
The bank, which is 61% state-owned, noted that its internal analysis led it to believe that the attack was planned and conducted in order to cause inconvenience for its customers and that the attackers found that the best way to do so is to disrupt the bank’s services. At the moment, the bank’s website and apps remain offline. However, its core banking services are still capable of operating properly, and the bank can continue making transactions with no disruptions.
VTB also stated that all private information of its customers is protected. The data is carefully stored in its infrastructure’s internal perimeter, and the attackers did not breach it.
So far, the identity of the attacker or attackers behind the attack has not been definitively confirmed. However, VTB says that the initial investigation has already revealed that most of the malicious DDoS requests came from outside Russia. Some of the IP addresses involved in the attack are of Russian origin as well, so the bank is dealing with a massive botnet that utilizes hacked devices from all over the world.
Alternatively, it could be that the attackers are foreign but that they are using local proxies to launch a portion of the requests for information that started bombarding the institution’s infrastructure.
After making these discoveries, the bank forwarded them to the country’s authorities, which have opened their own criminal investigation and are looking into the matter themselves. One more thing worth noting is that the bank is partially owned by the Russian Ministry of Economic Development, as well as the Ministry of Finance. In other words, the attack will deal a blow to at least a portion of the Russian government, as well as to the bank’s regular customers.
Pro-Ukrainian hacktivist group claims responsibility
As mentioned previously, neither the local authorities nor the bank has yet confirmed who was behind the attack. However, IT Army of Ukraine, a pro-Ukraine hacktivist group, came out and claimed responsibility on its own. In fact, the group announced its intention to attack the bank at the end of November of this year.
Their intentions were revealed in a Telegram post, where they said: “We aim to interrupt payment processing, delay liabilities, undermine bank’s reputation, as usual.”
The Ukrainian government is aware of the group’s existence, and it even gave its blessing during its creation earlier this year, in February. The group itself was formed in response to the Russian attack on the neighboring country, and Ukraine saw the group of volunteers as a good way to boost its cyber front. In other words, if the IT Army of Ukraine is truly behind the attack, then this is yet another battle belonging to the ongoing war.
Previously, the group has claimed responsibility for other attacks, including a crash of an online portal used by Russia’s vodka producers and distributors, as well as the attack on the sites belonging to Russia’s leading aerospace and defense conglomerate, Rostec.
Apart from that, hacking attacks conducted by supporters of Ukraine have surged in number lately, particularly in November. More than 900 Russian entities were targeted in an attempt to disrupt the country and punish it for its government’s decisions. The targets included stores that sell military equipment, the country’s central bank, Alfa Bank, and the National Center for the Development of Artificial Intelligence.