In response to the Reuters report that the Bank of Spain is under a DDoS attack, IT security experts commented below.
Andrew Lloyd, President at Corero Network Security:
“Worryingly, as of right now (Tuesday afternoon local time), their website (www.bde.es) remains offline despite the attack having started on Sunday. Whether this is as a result of an ongoing attack, recovering from any resulting damage or as a precaution pending a forensic investigation is not clear.
“The recent guidance from the Bank of England (BoE) requires banks to have the cyber-resilience to “resist and recover” with a heavy emphasis on “resist”. The BoE guidance is a modern take on the old adage that “prevention is better than cure”. Whatever protection the Bank of Spain had in place to resist a DoS attack has clearly proven to be insufficient to prevent this outage.
“Corero continues to recommend that banks and other financial institutions invest in real-time protection that can detect and instantly mitigate attacks before they compromise systems and impact customer service.”
Ilia Kolochenko, CEO at High-Tech Bridge:
“DDoS attacks can be easily hired on the Dark Web for very small dollar amounts, while payment in crypto-currencies make them virtually uninvestigatable. Anyone can be behind it, from a disgruntled employee, unhappy customer or even a DDoS-for-hire service making this type of “ad” on a live website simply to demonstrate their capacities. By definition, a DDoS attack cannot compromise any systems or sensitive data, therefore customers should not worry. However, frequently DDoS attacks are used as a distracting maneuver for IT security teams, while cybercriminals are exfiltrating data from the company. Thus the incident should be mutinously investigated.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.