Bank of Spain was hit by a DDoS attack as a result of which the bank’s website was offline on Monday (August 27). According to the bank’s statement, the attack didn’t have any impact on its operations. Also, communications with the European Central Bank weren’t affected, and there is still no information if there was any type of data breach associated with the DDoS.
Bank of Spain Hit by a DDoS Attack
A Bank of Spain’s spokeswoman said that “we suffered a denial of service attack that intermittently affected access to our website, but it had no effect on the normal functioning of the entity”. The bank representative also added that, as they are the national central bank of Spain, not a commercial bank, they offer no banking services – on-site or online – to individuals nor firms.
The good news is that the bank’s website is back to normal and has been functioning properly as of Tuesday. Even though this attack didn’t have any implications, it serves as a reminder that there is hardly an institution that is not exposed to cyber-attacks of different kinds.
DDoS attacks are typically carried out with the help of stresser/booter service admins using bot-infected machines. Fortunately, one of the biggest international providers of DDoS services, webstresser.org, was seized by European authorities in April. The site had 136 million registered users and had launched more than 4 million attacks against various websites belonging to banks, government agencies, law enforcement, and gaming sites. Six of the website’s top administrators were also arrested.
Two Record-Breaking DDoS Attacks Took Place This Year
А record-breaking DDoS attack took place several months ago. The attack was registered at 1.3 Tbps, with GitHub being the target. The attack was based on a flaw in Memcached servers which was just made public. It became evident that cybercriminals can exploit Memcached servers to carry out large-scale DDoS attacks that don’t require a lot of computational resources.
Just a few days after this attack, an attack at 1.7 Tbps detected by Netscout Arbor, took place. The attack targeted a customer of a US-based service provider. Not surprisingly, the DDoS was based on the same memcached reflection/amplification method known from the attack on GitHub.