Sberbank faces record DDoS attack amid Russia-Ukraine conflict

Russia’s largest bank, Sberbank, has been hit by a record Distributed Denial of Service (DDoS) attack, peaking at one million requests per second. The attack occurred on Thursday, amid the ongoing Russia-Ukraine conflict, and is suspected to be the work of Pro-Ukraine hacktivists. The incident was confirmed by Sberbank’s CEO, Herman Gref, who acknowledged it as their most potent attack to date.

Two weeks prior to this event, on October 30, 2023, the National Payment Card System’s (NSCP) website Mir also faced a cyberattack. The attackers alleged the use of NSPK customer data for the attack, an assertion that was refuted by Mir.

Sberbank has a history of mitigating significant cyberattacks. In May 2022, the bank successfully handled a massive DDoS attack that peaked at 450 gigabytes per second. This assault was launched via a botnet of over 27,000 infected devices.

The recent attacks on Sberbank mirror similar incidents observed by tech giants such as Google (NASDAQ:), Amazon (NASDAQ:), and Cloudflare (NYSE:). These companies reported managing DDoS attacks using the HTTP/2 Rapid Reset technique that handled up to 398 million requests per second. This type of attack exploits HTTP/2’s stream cancellation feature to cause a Denial of Service (DOS) condition.

The increasing frequency and magnitude of these cyberattacks highlight the escalating cybersecurity threats faced by global financial institutions amidst geopolitical conflicts.

This article was generated with the support of AI and reviewed by an editor. For more information see our T&C.