Russian banks hit by cyber-attack

Five Russian banks have been under intermittent cyber-attack for two days, said the country’s banking regulator.

The state-owned Sberbank was one target of the prolonged attacks, it said.

Hackers sought to overwhelm the websites of the banks by deluging them with data in what is known as a Distributed Denial of Service (DDoS) attack.

Security firm Kaspersky said the attacks were among the largest it had seen aimed at Russian banks.

Poor passwords

The data floods began on 8 November and have continued intermittently ever since, it added.

Most of the data deluges lasted about 60 minutes but the most persistent attack went on for almost 12 hours, the security firm said.

In a statement, Sberbank said it was able to neutralise the attack without affecting the ongoing operation of its website. It said it had suffered 68 similar attacks in 2016 but the ones in November ranked among the biggest it had faced.

The names of the other banks that were hit have not been released but all are believed to be among the 10 biggest in Russia.

The hackers behind the DDoS attacks are believed to have generated the huge amounts of data by taking over smart devices such as webcams and digital video recorders that use easy to guess passwords.

Devices in the USA, India, Taiwan and Israel were all used in the attack, said the security firm.

Russian state agencies that tackle cybercrime had been informed of the attacks, the banking regulator said.

In late October, similar attacks caused widespread disruption with many popular sites, including Reddit, Spotify and Twitter, briefly becoming hard to reach.