Denmark Central Bank Hit By DDoS Attack and Other Private Banks

By   Adeola Adegunwa
Writer , Informationsecuritybuzz | Jan 11, 2023 02:02 am PST

In yet another DDoS attack on financial institutions, according to the Denmark central bank and an IT business that works with the financial sector. Hackers have disabled access to the websites of seven private banks in Denmark this week. Reports by Channel News Asia have it that Distributed Denials of Service, which direct traffic toward targeted servers to bring them offline, targeted the central bank’s website and the website of Bankdata. This is a business that creates IT solutions for the financial sector.

On Tuesday afternoon, the central bank reported that its website was regularly operating and added that the attack did not affect its other systems or regular business operations. Following the DDoS attack on Bankdata on Tuesday, seven private banks’ websites had access temporarily restricted; a business spokeswoman told CNA.

According to the study, the affected banks are two of Denmark’s most prominent commercial banks, Jyske Bank and Sydbank. On Tuesday, Sydbank restricted access to its website, which was announced on its Facebook page. A Jyske representative acknowledged that some consumers encountered difficulties accessing the company’s website on Tuesday.

Why Is The Financial Sector At Increasing Risk Of Cyberattacks?

Banks are where the money is; little wonder it’s an easy target for cybercriminals. Attacking banks offers multiple avenues for profit through extortion, theft, and fraud. The following are a few reasons why banks are at increasing risk of cyberattacks.

  • Quick digitization:

The focus of current technology is on automation and comfort. Everyone requires that everything be completed immediately via quicker, more convenient routes. Unfortunately, the financial industry has unintentionally made itself a much bigger vulnerability target in haste to digitalize and enhance customer banking capabilities.

We know that banks own substantial sums of money and resources that may be used against a wide range of people, which is why they have become such a prime target for cyberattacks. Through the years, certain variables have increased the accessibility of this vulnerability:

  • Adoption of clouds:

The financial sector is no exception; cloud computing has transformed the sector and made significant strides in offering affordable and effective IT infrastructure solutions for numerous businesses. The cloud has historically represented a radical shift for most industries.

However, like with all technological advancements, the harder we fall, the higher we climb. Cloud misconfiguration risks have severe implications for data security. A cyberattack could easily penetrate a regular cloud network without adequate cybersecurity measures in place, which could result in the release of personal information, passwords, and other sensitive data for the financial sector.

  • Remote Employment:

Many firms have chosen to move towards remote or hybrid working methods, which enable employees to work remotely in the wake of the Covid-19 outbreak. This was viewed as the best strategy to guarantee optimal effectiveness while yet minimizing office environment costs.

This organizational structure has been adopted by financial organizations as well, increasing the attack surface area for cybercriminals. There is often a gaping backdoor into the firm’s network because remote workers who have access to company servers and databases do not usually have standardized cybersecurity protections installed on their devices.

  • Weak cyber defense:

Naturally, a weak IT infrastructure will put the security of your entire network at risk. Governments and data protection organizations frequently pressure financial firms to implement cutting-edge cybersecurity safeguards, but few comply. According to research by Clearswift, employees who violate firm data protection standards are responsible for over half of security incidents in the financial sector. This threat was particularly pronounced for mid-sized financial companies.

5 Most Serious Risks To A Bank’s Cybersecurity

  • Unencrypted Data:

On computers inside your banking institution and online, all information should be secured. This is a very fundamental but essential aspect of cyber security. If your data is encrypted, even if hackers take it, they will not be able to use it right away. If the data is not encrypted, hackers can use it immediately, which will cause major issues for your financial institution.

  • Malware:

Every time they connect to your network, end-user devices, including computers and smartphones, that have been infected with malware put the security of your bank at risk. Sensitive data travels across this connection, and without adequate security, malware on the end user device could attack the networks of your bank.

  • Non-secure third-party services:

To provide their customers with better service, many banks and financial institutions use third-party services from other suppliers. Your bank might suffer, though, if those third-party contractors need strong cybersecurity protocols in place. Before implementing their solutions, it’s crucial to consider how you can defend against security dangers imposed by third parties.

  • Falsified or manipulated data:

Sometimes, hackers just enter to alter data instead of stealing it. If your bank has been hacked in this way, it may be difficult to tell what has been altered and what hasn’t because the altered data doesn’t always appear to be any different from unaltered data on the surface. Unfortunately, it can be challenging to spot an assault of this nature immediately away, and it can cost financial institutions millions of dollars in losses, if not more.

  • DDoS:

Sometimes cybercriminals will execute a DDoS attack as a distraction technique while they launch another form of attack, perhaps to obtain access to and steal critical financial services data. If hackers are able to obtain personal information, such as banking information, they can use it to launch a series of fraudulent schemes.

Conclusion

According to the Danish central bank and an IT business that works with the financial sector, hackers have disabled access to the websites of the Danish central bank and seven private banks in Denmark this week. There were distributed denial of service (DDoS) attacks against the websites of the central bank and Bankdata, an IT solutions provider for the banking industry.

Subscribe
Notify of
guest
4 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Sam Curry
Sam Curry , Chief Security Officer
InfoSec Expert
January 12, 2023 9:57 am

“DDoS attacks can be very hard to track to the ultimate actor responsible, precisely because it is distributed, but also because DDoS is often available as a service from the criminal ecosystem. Possible motivations include a warning shot, an attempt to cause damage, sending a message, a test for something larger or any number of other motivations. Very often the attack is the message and can erode confidence or have an impact on processes, trust and staff.

Historically, the banking industry is one of the most secure against cyberattacks because it is among the most attacked, which means it has built a thick skin and the businesses have developed an appreciation for the business value of information security. And it is more attacked because that is where the money is. As banking has adapted to support a more global and faster pace of business, it has opened avenues for attackers to exfiltrate money. There is a direct relationship between attractiveness of a target and cyber incidents, and the more an industry is in the crosshairs over time, the better it can defend itself.

Banks deal with fraud, specifically, and have been doing so for a lot longer than other industries. Banks have a lot more channels that need to be adaptive in their resistance to fraud. Not only are they part of critical infrastructure (and outside the United States most countries have a small number of very large banks, making them generally more fragile if a single bank is compromised) but they also are target number one for the criminal element, except with respect to ransomware.”

Last edited 4 months ago by Sam Curry
Amit Sharma
Amit Sharma , Security Engineer
InfoSec Expert
January 12, 2023 9:56 am

“DDos is a notorious attack and to my surprise, the targets still have not changed. Targets have mainly been financial or government organisations.

Today, preventing these kinds of attacks without proper defence is not possible. In order to mitigate these threats, solutions and technology must be combined with a focus on processes and people as well.

The implementation of professional solutions can be one way forward but so is keeping an eye on the traffic that you own. Trend analysis of the traffic patterns, characteristics and tendencies of shifts can be another proactive way to be cautious. 

It is crucial that organisations also have a backup plan or plan B in their defence strategy, in case of an incident, to restore their applications back in working order.”

Last edited 4 months ago by Amit Sharma
Javvad Malik
Javvad Malik , Security Awareness Advocate
InfoSec Expert
January 12, 2023 9:55 am

“DDoS attacks are effective at rendering services unavailable or slow them down. The motivation behind these can vary. Sometimes, it’s to vent frustration with a particular organisation. Other times, it can be used as a distraction tactic to get an organisation to respond to the DDoS attack while the real crime is committed elsewhere.

It’s why no attack should be taken lightly, and the impacted organisations should not become so reactive or tunnel visioned that they overlook other important factors.” 

Last edited 4 months ago by Javvad Malik
Cian Heasley
Cian Heasley , Security Consultant
InfoSec Expert
January 12, 2023 9:54 am

“DDoS attacks like this are a real concern for financial institutions because of their ability to disrupt operations, systems or even shut them down entirely. Banks are a prime target for hackers, particularly for state-sponsored threat actors, due to their interconnectivity and the critical nature of the services they provide.

“Attacks like this highlight that although we often fear more sophisticated hacking techniques, such as complex phishing tactics and ransomware, brute force tactics are still a real threat to be reckoned with. Without any attribution as to who is behind this attack, it seems that the motivation behind it is likely to be financial, although it could be hacktivist activity.

“To protect against brute force DDoS you need a robust monitoring system to detect the early signs an attack, such as a spike in incoming traffic. Organisations should undertake regular resilience audits and keep their cybersecurity infrastructure up to date.”

Last edited 4 months ago by Cian Heasley

Recent Posts

4
0
Would love your thoughts, please comment.x
()
x