Russian Banks Hit by IoT DDoS Deluge

Several Russian banks have been deluged this week by DDoS attacks that are thought to be powered by IoT botnets and are among the largest ever seen targeting the sector.

The attacks began on 8 November and are still ongoing, with the longest blitz lasting 12 hours and peaking at 660,000 requests per second, Kaspersky Lab told Infosecurity.

The attackers are using at least one botnet of 24,000 devices located in 30 countries to deluge the banks with SYN-flood and HTTP-flood attacks, the security vendor revealed. More than half of those devices are apparently located in the US, India, Taiwan and Israel.

The BBC claimed five banks were involved, with a statement from one of the affected lenders, Sberbank, claiming these attacks are among the biggest it has ever faced.

Kaspersky Lab said that, although the culprit appears to be compromised IoT devices, it doesn’t look like the work of Mirai.

Last month, attackers using the open-sourced Mirai malware managed to compromise an estimated 100,000 such devices by automating the process of finding smart products featuring factory-default or hard-coded log-ins.

That botnet is said to have fired an attack exceeding 1Tbps at DNS provider Dyn, which ended up taking big-name customers including Reddit, Twitter and Spotify briefly offline.

Paul McEvatt, Fujitsu UK & I senior cyber threat intelligence manager, argued that IoT manufacturers are still treating security as an afterthought.

“To help shift this mind-set and make securing internet connected devices easier for businesses, the Online Trust Alliance (OTA) has produced a framework in IoT security, offering guidance on how to secure embedded devices,” he explained.

“This introduction of a kite mark standard for IoT devices is a progressive step towards ensuring safe practice is followed and that security of such devices against these types of hacks is at a premium. This is especially important for the financial sector which handles lots of sensitive data.”

Source: Information Security Magazine