Members of Anonymous recently announced the launch of a 30-day campaign targeting central banking sites worldwide with DDoS attacks. Early targets of the campaign included the Central Banks of Cyprus, Greece and the Netherlands.
“Like Icarus, the powers that be have flown too close to the sun, and the time has come to set the wings of their empire ablaze, and watch the system their power relies on come to a grinding halt and come crashing down around them,” Anonymous stated in a YouTube video announcing the campaign. “We must strike at the heart of their empire by once again throw a wrench into the machine, but this time we face a much bigger target — the global financial system. This time our target is the Global Banking Cartel.”
On May 3, the hackers briefly took down the website for the Bank of Greece, though bank officials said the attack didn’t cause any damage. “The attack lasted for a few minutes and was successfully tackled by the bank’s security systems,” an official told Reuters. “The only thing that was affected by the denial-of-service attack was our website.”
Other targets included the Central Bank of the Dominican Republic on May 3, the Central Bank of Cyprus on May 4, the Central Banks of the Netherlands and the Maldives on May 5, and the Guernsey Financial Services Commission on May 6.
Rene Paap, security evangelist at A10 Networks, told eSecurity Planet that the attackers only need to take a bank’s website down for a few minutes to make their point. “The attack itself was the message, and you can be sure the banks heard it loud and clear,” he said.
“DDoS attacks are cheap, easy to launch and can come from anywhere,” Paap added. “National banks should be tightening their DDoS defenses, including against multi-vector DDoS attacks. This is just the beginning.”
According to the results of a recent Neustar survey of more than 1,000 IT professionals worldwide, 73 percent of global brands and organizations were hit by DDoS attacks in 2015.
Fully 82 percent of organizations that experienced a DDoS attack were attacked more than once, and 45 percent were attacked six times or more.
While 42 percent of respondents said it would take them at least three hours to detect that they’re being hit by a DDoS attack, 50 percent said they would lose at least $100,000 per hour in a peak-time DDoS-related outage. One third said they would lose more than $250,000 per hour.
In response, 76 percent of organizations invested more in DDoS protection in 2015 than they did in 2014, and 47 percent of attacked organizations are participating in security consortiums to share threat information.
“The findings of our most recent report are clear: attacks are unrelenting around the world, but organizations are now recognizing DDoS attacks for what they are — an institutionalized weapon of cyber warfare — and so are protecting themselves,” Neustar head of IT security research Rodney Joffe said in a statement.
A recent eSecurity Planet article examined the financial impact of DDoS attacks.