Posted on August 29, 2018 at 6:42 PM
Another DDoS attack was reported earlier this week, with its target being Spain’s Central Bank.
Banco de España suffers a DDoS attack
The Central Bank of Spain stated recently that its website was forced to go offline on Monday, August 27, due to their struggle to fend off a DDoS attack. The statement also claims that the attack did not disrupt the bank’s everyday operations and that their communication with the Central Bank of Europe was not affected.
Additionally, the bank also claims that it is positive that they did not suffer any kind of data breach. The bank’s spokeswoman confirmed that the DDoS attack only affected access to the bank’s website, while all other aspects continued to function normally. The spokeswoman also reminded everyone that the bank is a national central bank of Spain and not a commercial one. As such, it does not offer banking services.
The website was brought back on Tuesday, and it continued to function normally ever since. Despite the fact that the bank handled the attack pretty well, and with no security breaches, this is still a reminder that no website is safe from these attacks. Additionally, they seem to be growing in popularity, and there are even websites that allow people to actually order up such attacks.
Arresting the cybercriminals
The mentioned websites that offer to order up DDoS attacks are called stresser/booter services. Various law enforcement agencies are working hard on tracking down the providers of such services and placing them under arrest.
Back in April, European police stated that they managed to seize what is believed to be the largest provider of DDoS attacks in the world — Webstresser.org. According to the announcement, the site had over 136 million registered users, with over 4 million attacks in its history. The attacks hit various targets, from government agencies and banks to gaming websites, police forces, and pretty much anything else.
Six individuals suspected of being the website’s top administrators were placed under arrest all over Europe. They were located in the UK, Canada, Croatia, as well as Serbia. Europol, the law enforcement intelligence agency of the EU, also stated that some of the suspected top users were also arrested in Canada, Italy, Australia, Croatia, Spain, Hong Kong, the UK, as well as the Netherlands. Despite the significant success of the operation, however, the number of DDoS attacks, or services that are offering them, is not decreasing.
Cheap DDoS attacks
One of the biggest surprises comes when you realize just how cheap ordering these attacks actually is. According to Kaspersky Lab’s report from last year. one Russian provider offered DDoS attacks for only $50 per day. Other services charge only $10 per hour, which is ridiculously cheap considering how much damage these attacks can cause.
The FBI tried to make a breakthrough by urging the victims of such attacks to come forward and report their experiences so that the intelligence agencies would have a better picture of what they are dealing with.
According to statistics by DDoS defense firms, the most likely targets of DDoS attacks are wired communication carriers, with 796,677 confirmed attacks. After that, the second place is held by the telecommunications industry, with 491.314 attacks. The third place is shared by services focused on hosting, data processing, and similar activities, with 316,395 attacks. Next, we have wireless telecommunications carriers which were hit by 157,388 attacks, and finally, there are software publishers with “only” 44,724 confirmed attacks. These results were provided by Arbor Netscout, and their results came from tracking the DDoS attacks in the first six months of 2018.
According to VeriSign, another DDoS defense provider, in the Q1 of 2018, the most likely targets of DDoS attacks are financial services (57%), followed by IT firms (26%) and telecommunications (17%).