Russian bank suffers the largest DDoS attack by IOT devices of history

The information security team at Sberbank, Russia’s largest bank and one of the most important financial institutions in Europe has just repelled a denial-of-service (DoS) attack targeting its networks; according to the bank’s report, this was the largest DoS attack attempt ever registered.

The attack attempt was carried out using millions of hacked Internet of Things (IoT) devices, Stanislav Kuznetsov, a Sberbank official, said during the World Economic Forum in Davos.

Kuznetsov claims that the attack took place during the first days of the year, although the institution has a defense protocol against such incidents since 2019, when a first attempt of attack using resources much less advanced were detected on corporate networks: “Last fall we detected signs of anomalous activity in our networks, so we began to prepare against a potential attack. Our experts say this attempted attack was about 30 times more powerful than conventional DoS attacks.”

The bank’s information security team claims that the attack had no consequence on its systems, besides, after stopping the incident, bank officials notified police and stated they were willing to cooperate in the investigation. The method used by hackers, their country of origin, or the tactics used by the bank to repel the attack are still unknown.

Information security specialists say the number of IoT devices already triples the number of inhabitants worldwide. In addition to this, their weak security features make them attractive targets for hackers, who compromise these devices to integrate huge botnets used in attacks like this one. Moreover, the International Institute of Cyber Security (IICS) states that within five years the number of active IoT devices in the world will be five times the number of inhabitants on earth. Forecasts regarding the use of IoT devices are pessimistic, so it is urgent that manufacturers start designing better strategies for the security and maintenance of these equipments.