
Russia’s Largest Financial Entity Under Massive DDoS Attacks

Sberbank, a Russian banking and financial services company, has been targeted by multiple cyberattacks. The bank was hit by the largest Distributed Denial-of-Service (DDoS) attack in its history earlier this month. Sberbank is Russia’s largest and Europe’s third-largest financial institution, with total assets of over $570 billion. Thousands of users have been targeting Sberbank in recent months, according to Sergei Lebed, vice president and director of cybersecurity at Sberbank. Following Russia’s invasion of Ukraine, the entity was among the first to be sanctioned, and its operations on the European continent were limited. Since the beginning of the war in February, hackers aligned with Ukraine have targeted Sberbank, and that activity is continuing.

Analyst Notes

Sberbank claims to have stopped the largest DDoS attack it has ever faced on May 6, 2022, with a rate of 450GB/sec. The malicious traffic was generated by a botnet of 27,000 compromised devices in the United States, the United Kingdom, Japan, and Taiwan. Cybercriminals used a variety of techniques to carry out this attack, including code injections into advertising scripts, malicious Chrome extensions, and Docker containers weaponized with DDoS tools. According to Lebed, over the last several months the bank has identified over 100,000 internet users hitting Sberbank.

Many of these attacks took advantage of online streaming and movie theater traffic. The same strategy is used by pro-Russian threat organizations against Ukrainian websites. Visitors’ web browsers run the code in the injected scripts, which generates a large number of requests to specific URLs, in this case under Sberbank’s domain.

“Today, the bank faces cyberattacks around the clock. Sberbank’s Security Operation Center analyzes cyber threats 24/7 and promptly responds to them. However, when it comes to companies in other sectors, most of them have never encountered anything like this before and may suffer damages,” stated Sergei Lebed.
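A defender-side check for the browser-driven pattern described above, as an added example that is not part of the original article: it scans web access logs for a third-party Referer that delivers requests from many distinct clients to a single URL. The hostnames, thresholds and log lines are constructed assumptions, and because the Referer header can be absent or stripped, this is one signal rather than a complete detector.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

OWN_HOST = "bank.example"  # assumption: hostname of the protected site

# Combined Log Format: ip - - [time] "METHOD path proto" status bytes "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)"'
)

def suspicious_referers(lines, min_clients=3, min_top_path_share=0.8):
    """Return {referer_host: (requests, distinct_clients, top_path)} for
    third-party referers whose traffic is many clients hitting one URL."""
    clients, paths = defaultdict(set), defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        host = urlsplit(m["referer"]).hostname
        if not host or host == OWN_HOST or host.endswith("." + OWN_HOST):
            continue  # no referer, or first-party navigation
        clients[host].add(m["ip"])
        # Drop the query string so varying parameters collapse to one path.
        paths[host][m["path"].split("?", 1)[0]] += 1
    flagged = {}
    for host, counter in paths.items():
        total = sum(counter.values())
        top_path, top_hits = counter.most_common(1)[0]
        if len(clients[host]) >= min_clients and top_hits / total >= min_top_path_share:
            flagged[host] = (total, len(clients[host]), top_path)
    return flagged

def sample_log():
    """Constructed sample: four clients sent from one streaming page to a
    single URL, plus ordinary first-party and search-engine traffic."""
    fmt = ('{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {path} HTTP/1.1" '
           '200 512 "{ref}" "Mozilla/5.0"')
    rows = [(f"198.51.100.{i}", f"/login?r={i}{n}", "https://movies.example/watch/1")
            for i in range(1, 5) for n in range(3)]
    rows += [("203.0.113.7", "/", "-"),
             ("203.0.113.8", "/accounts", "https://bank.example/"),
             ("203.0.113.9", "/rates", "https://search.example/?q=rates")]
    return [fmt.format(ip=ip, path=p, ref=r) for ip, p, r in rows]

if __name__ == "__main__":
    print(suspicious_referers(sample_log()))
```

Thresholds need tuning against a baseline of normal referral traffic before the output is used to drive blocking or rate limiting.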