DDOS attacks on Sberbank

Main article: DDoS attacks on banks in Russia

Information security at Sberbank

Main article: Sberbank (information security)

2024: Sberbank recorded the largest cyber attack in its history - it lasted 13 hours

Sberbank was subjected to the largest DDoS attack in its history. The duration of the attack was more than 13 hours. This was announced in September 2024 by the Deputy Chairman of the Board of Sberbank Stanislav Kuznetsov, specifying that a record cyber attack was recorded in July 2024.

According to TASS, the attack was successfully repelled by the Sberbank cybersecurity service. At the same time, customer funds remained safe and did not suffer. Kuznetsov noted that such attacks are becoming more and more frequent and large-scale, but thanks to the bank's reliable protection system, which works in automated mode, cybercriminals fail to inflict significant damage.

Sberbank was subjected to the largest DDoS attack in its history

According to Kuznetsov, since the beginning of 2024, the number of DDoS attacks on Sberbank has increased by at least 40%. All attempts were successfully reflected, however, despite the strengthening of the bank's protection, the threat from fraudsters remains relevant. He called the main sources of cyber threats fraudulent call centers operating from the territory of Ukraine under the auspices of the Ukrainian authorities. For these criminal gangs, such activities are an important item of income.

The Deputy Chairman of the Board of Sberbank also stressed that, despite the successes in the fight against cybercrime, the situation in other organizations, including government agencies, is much worse. Many of them do not have the same powerful protection as Sberbank, and are forced to face long-term downtime of their systems and sites as a result of successful attacks. This is causing tangible damage to both the organizations themselves and their businesses and customers.

As an example of large-scale attacks, Kuznetsov recalled that in November 2023 the bank was also subjected to one of the most powerful DDoS attacks. Then the number of requests per second reached a record level - 1 million requests, which led to the temporary disabling of the bank's website. German Gref, the head of Sberbank, previously noted that the bank faces an average of ten cyber attacks per month, but the criminals have not yet managed to break through even the first circuit of defense, of which Sberbank has only three.^[1]

2023

How cyber attacks on Sberbank changed in 2023. Stats on Giant Numbers

The Sberbank Cyber ​ ​ Defense Center in 2023 processed 145 trillion security events (398 billion events per day) and 107 thousand suspicions of cybersecurity incidents. The bank announced this in its ESG report, published on May 22, 2024. Sberbank claims that zero minutes of downtime have been provided due to DDoS attacks and zero rubles of losses from accounts as a result of cyber attacks.

The report provides statistics on how cyber attacks on Sberbank changed in 2023:

The Cyber ​ ​ Defense Center operates on the basis of the Security Operations Center (SOC) technology core, built on the basis of its own developments - cybersecurity event processing systems (RTCE) and a threat and vulnerability analysis platform (TIP). The use of the latter, in particular, reduced the average time for analyzing cyber threats by up to 15 minutes.

In 2023, geopolitical conflicts influenced the landscape of cyber threats, Sberbank states in its ESG report. Criminal groups, as a rule, acted for political and religious reasons. The main goals of cyberattacks were to create public resonance, espionage and fraud.

It is noteworthy that artificial intelligence tools began to be actively used to carry out attacks in 2023. To prepare and conduct phishing campaigns, attackers began to use machine learning and neural network technologies (ChatGPT and others).

To combat fraud, Sberbank uses an anti-fraud system. According to the ESG report, it analyzes 10 billion financial and 20 billion non-financial transactions per month. Over 20 AI models of various types have been developed and used to effectively counter fraud and protect bank customers.

Sberbank says that thanks to the anti-fraud system, 276 billion rubles of customer funds were saved in 2023. An additional 520 million rubles were saved through operational information exchange about fraudsters with others, and banks Russia 190 million rubles of stolen funds were returned to customers from drop accounts thanks to the organization of interaction MINISTRY OF INTERNAL AFFAIRS with Russia. At the same time, the number of requests from Sberbank clients on cyber fraud has been reduced by 35%.

Repelling 124 DDoS attacks and saving 300 billion rubles per year. "Sber" summed up the work of the information security system

In 2023, Sberbank successfully repelled 124 DDoS attacks, and also prevented the theft of almost 300 billion rubles of customer funds. Stanislav Kuznetsov, his deputy chairman of the board, spoke about the results of the work of the bank's information security systems.

In 2023, the effectiveness of our antifrod reached 99.6% - this is the best indicator among such systems in the world, but at the same time we set ourselves an even more ambitious goal - to reach the level of 99.9%. Since the beginning of the SVO [special military operation of the Russian Federation in Ukraine - approx. TAdviser], more than 600 attacks have been committed on Sberbank, while none of them were effective, "Kuznetsov said during a working visit to Simferopol, where the head office of Sberbank opened on January 18, 2024 (quoted by Kommersant).

According to Sberbank, by the end of 2023, the share of telephone fraud is 85%. There are 8 million fraudulent calls per day, more than 1 thousand call centers call citizens of the Russian Federation.

With the increasing availability of new technologies, new threats arise, in particular the creation of deepfakes. Such cases are already known until they are of a mass nature, as they require more resources for preparation. However, this is already a very real threat, for which you need to be ready, - said Stanislav Kuznetsov.

According to him, following the increase in the level of qualification and coordination of attackers, the complexity of the attacks will grow. Also, according to the deputy chairman of Sberbank, "the obvious trend of recent times" is attacks on supply chains.

Attackers cannot succeed by attacking Sberbank head-on, so we see more and more frequent attempts to attack the companies of the Sberbank group and our partners, "Kuznetsov said.[2]

"Sberbank" survived the most powerful DDoS attack in history

On November 7, 2023, the head of Sberbank, German Gref, announced the largest DDoS attack on a credit institution. According to the press service of Sberbank, hackers tried to disable the bank's IT infrastructure, sending 1 million requests per second.

If we talk about DDoS, then the last attack was probably two weeks ago. It was the most powerful attack in our history. It was about three to four times more powerful than the most powerful before, "Gref told reporters (quoted by TASS).

He stressed that hackers have never been able to break through even the first circuit of the bank's protection. In total, Sber has three protection circuits. Every month, the bank faces about ten attacks, said the head of Sberbank. He added that the attack was carried out by some new hackers, the handwriting of which is not known to the credit institution.

Some new very qualified criminals appeared on the market, who began to systematically engage in an attack on the largest Russian resources, "Gref emphasized.

Deputy Anatoly Aksakov, commenting on the cyber attacks on Sberbank, stressed: it is obvious that this is not complete without our Western "partners." The credit institution is really subjected to very powerful attacks, the parliamentarian paid special attention.

According to German Gref, Sberbank does not see a quantitative surge in hacker attacks, but notes that they have become "much more sophisticated than before."

All these attacks are 100% from abroad. In terms of our willingness to reflect them, we have not had a single case where it has affected our performance. But this is due to the fact that we are constantly improving the mechanisms of self-defense. We analyze each attack known to the market, and adjust our defense mechanisms to it, "said the head of Sberbank[3]

2022

DDoS attack involving 100,000 hackers

On October 25, 2022, Sberbank spoke about the largest cyber attack in the history of a credit institution. It lasted more than a day. Read more here.

Sberbank translates its sites to Russian TLS certificates

On September 15, 2022 Sberbank , he announced TAdviser that he had begun installing TLS certificates issued Certification Center Ministry of Digital Development on all his sites, as well as working resources and systems.

Sberbank's transition to domestic certificates certification centers will ensure its independence from foreign certification centers and guarantee users safe access to all resources. bank

"Sberbank is constantly working to replace foreign vendors and services with domestic developments. As part of this program, we were the first in the country to replace foreign certificates with domestic ones. In the near future, our main website will be transferred to them sberbank.ru. Also, the rest of the sites, resources and systems of Sberbank will switch to Russian certificates. This guarantees uninterrupted and safe access of our clients to the bank's services, ensuring their independence from foreign solutions, "commented German Gref, President, Chairman of the Management Board of Sberbank.

Sberbank also added that the bank is in constant dialogue with relevant departments and regulators in order to minimize possible restrictions on the part of foreign organizations.

The head of the Ministry of Digital Development of Russia Maksut Shadayev said that the department welcomes the decision of Sberbank to transfer its online services to domestic certificates of certification centers.

"The transfer of the resources of the largest bank and one of the country's leading technology companies to our certificates will be a good example for the entire Russian market and will be an incentive to reduce dependence on foreign companies," Maksut Shadayev said.

TLS certificates are used to ensure uninterrupted operation of sites. According to the minister, the service for issuing security certificates has been operating since March 2022 on the State Public services portal. Just at that moment, foreign companies began to revoke their security certificates and refuse to issue new ones. Without a certificate, the https site in the browser will not open, while the browser will indicate an invalid connection.

The issuance of Russian security certificates is included by the Russian Government in the plan of priority actions to ensure the development of the Russian economy under external sanctions pressure.

Certificates are issued free of charge by the National Certification Center. As of September 15, 2022, the use of such certificates is supported by Yandex.Browser and the Atom browser.

Over the last quarter, Sberbank withstood about 450 DDoS attacks

In the current realities software , the sphere is of particular importance, cyber security"because right now Russia an organized one is being waged against, the cyber war purpose of which is to disable everything," country's critical infrastructure said the Deputy Chairman of the Board in early September 2022. Sberbank Stanislav Kuznetsov

According to him, Sberbank feels it on itself: over the last quarter bank it withstood about 450 DDoS attacks, and 350 were reflected by its subsidiaries. This is the same as in the last five years. The main activity criminals is focused on three directions:, and network attacks. phishing telephone fraud Technological solutions, including the creation of a library of voices criminals, allow such actions to be resisted, which allows you to successfully combat telephone fraud. More. here

Most attacks on Sberbank come from the United States, China and Europe

Deputy Chairman of Sberbank Stanislav Kuznetsov in early June 2022 told. that Sberbank continues to be subjected to hacker attacks - on average, 3 to 5 attacks are committed per day. But, at the same time, the intensity of cyber attacks decreased, and there were no more such powerful attacks as in early May. Most of the attacks, as Sberbank found out, come from the United States, China and Europe.

In addition, since the beginning of the year, Sberbank has blocked more than 50 thousand dropper cards. Kuznetsov also noted that the Sberbank database contains more than a million phone numbers of fraudsters.

Sberbank repelled the most powerful DDoS attack in its history

May 19, 2022 Sberbank announced - DDoSattacks unprecedented power and new tactics. cybercriminals

On May 6, 2022, Sberbank repelled a powerful DDoS attack in its history. It was directed to the bank's website, and malicious traffic generated by the botnet came from more than 27 thousand devices from Taiwan, the USA, Japan and the UK. Its power was more than 450 gigabytes per second.

Criminals use new tactics and tools to conduct cyber attacks, which include injecting code into advertising scripts, using a malicious extension for Google Chrome, using ready-made docker containers with customized attack tools (Docker is a platform for developing, delivering and launching container applications). Criminal groups are well coordinated, the total number of cybercriminals acting against Sberbank exceeds 100 thousand people.

Successful counteraction to cybercrime is possible only if law enforcement agencies, regulators and cybersecurity units work together. And such cooperation is actively developing. Channels of interaction and exchange of information about cyber attacks have already been created, detailed recommendations for protecting infrastructure have been developed. Among other things, a number of measures have been taken to help consolidate efforts to protect the state and business from cybercriminals.

{{quote 'If before February 24, one DDoS attack was recorded per week, then already in March we recorded up to 46 simultaneous DDoS attacks aimed at different Sberbank services. Large tools were used for attacks, including malicious codes embedded in browsers of users who visited online cinema sites.

As of May 2022, the bank is under cyber attacks around the clock. The Sberbank Cyber ​ ​ Protection Center conducts a 24/7 analysis of cyber threats and responds quickly to them, "said Sergei Lebed, Vice President, Director of the Cybersecurity Department of Sberbank}}

In the near future, the number of DDoS attacks will decrease, but their power will continue to grow, that is, they will become more focused and coordinated. Other types of fraud are also possible due to the availability of a large number of databases. The further development of phishing campaigns in order to steal the credentials of employees of organizations and then penetrate the infrastructure of these organizations will also become logical.

Sberbank stopped a large-scale attack from Ukraine on the cards of Russians

Sberbank stopped attack maps Russians the large-scale on the part of the Ukrainian developer, applications who tried to write off funds throughout the accumulated to base customers. It became known on April 18, 2022 from the words of the deputy chairman of the board bank Stanislav Kuznetsov.

I want to talk about the attack that was carried out on many Russian citizens with bank cards. Almost immediately after the start of the special operation, we stopped mass debits from the cards of our clients, - said Kuznetsov.

According to him, the number of write-off attempts reached tens of thousands per minute.

Kuznetsov added that this company, having about 50 different official applications, in violation of the requirements of international payment systems, collected and stored the bank card data of its clients^[4].

2020: The "most powerful" DDoS attack in the history of the bank is recorded

Sberbank recorded the "most powerful" DDoS attack in its history. It was possible to reflect it, said on January 21, 2020, Deputy Chairman of the Bank Stanislav Kuznetsov.

On January 2, 2020, Sberbank faced an unprecedented DDoS attack, which was 30 times more powerful than the most powerful attack in the history of Sberbank. The attack was carried out using autonomous devices, Novosti IoT quotes him RIA.

According to Kuznetsov, there are three times more autonomous equipment for the Internet of Things than people on the planet, and by 2025 the difference will be 5 times.

It is noted that the attack did not entail any consequences, while it was reflected in automatic mode. Sberbank immediately announced this attack to law enforcement agencies and handed them all the necessary information.

Such attacks could not be repelled by every company in the Russian Federation and even in the world, Kuznetsov claims. Strengthening cyber attacks could become a trend in 2020, he said.

Kuznetsov said that the number of hacker attacks on Sberbank in 2019 increased by 15-20%, per day the bank records 280-300 attempts at attacks on its systems. The goal of many of them was to take control of the bank's systems.

According to the deputy chairman of Sberbank, the attack demonstrated that cybercrime is moving into a new plane and continues to gain momentum, and the use of 5G technology in fact threatens a new level of risks in conducting DDoS attacks.

We identify and block them all. In addition, it is worth noting that mass malicious mailings are still popular - about 50% of the emails that our employees receive are spam, including phishing attempts, he said.

As the representative of Sberbank recalled, earlier the bank predicted that in 2019 losses from cybercrime could amount to more than 2.5 trillion rubles.

In general, our forecast was justified, - said Stanislav Kuznetsov.[5]

2018

Reflection of 90 DDoS attacks per year

In 2018, Sberbank repelled 90 DDoS attacks, of which 25 cyber attacks had high power. This was announced on December 25 by the credit institution itself in its report "Bank Trends - 2018."

It follows from it that the indicators of DDoS attacks on Sberbank's systems have grown one and a half times compared to 2017. Each week, the bank receives an average of 14.5 thousand emails with malicious attachments and separates (blocks) five phishing sites. Throughout 2018, Sberbank recorded an average of one or two DDoS attacks per week. Such attacks are external influences on the systems of organizations, leading to overload. Ultimately, they can lead to a shutdown of the organization's IT infrastructure.

Despite this intensity of threats, Sberbank's banking systems and services have never been disabled by cybercriminals, the report says.

It is also reported that about 5% of all cyber attacks in Russia are aimed at Sberbank systems. The bank came to such conclusions on the basis of data for the first quarter of 2018.

According to Qrator Labs (specializing in countering DDoS attacks and ensuring the availability of Internet resources), the number of DDoS attacks on banks around the world in 2018 increased 1.9 times compared to the previous year.

Cyber attacks on banks are increasing amid the growing popularity of mobile banking. By December 2018, the active audience of users of the Sberbank Online mobile application exceeded 40 million people. For the year (from October 2017 to October 2018), the increase was 47%. These figures correspond to high indicators for foreign large retail banks, noted in Sberbank.

More than 60% of active users of digital channels (SMS, website, application) - almost 25 million people - mainly use only a program for smartphones and no longer even enter the traditional web version.

6 major cyber attacks in 2 days

According to a November 30, 2018 report, Sberbank"" has undergone a series of six over the past two days. hacker attacks DDoS attacks were carried out via spoofing from at least 100 servers from six countries. At the same time, the bank's systems were not affected.

author '= Stanislav Kuznetsov,[6] of[7] What has been going on for the last few days has caused us a certain amount of anxiety. Yesterday and the day before yesterday, Sberbank's resources were attacked at least six times. The total duration of these DDoS attacks was at least 1.5 hour. One of the attacks lasted about 27 minutes. This is an unprecedented attack in duration, which was carried out using the latest technologies using satellite technology and hiding the sender's addresses. According to our estimates, it was carried out very professionally, as part of this attack, the attacker actively investigated the level of our defense. These attacks did not affect the bank's resources. With a high probability, they were carried out from abroad. And from the materials that we have, it is clear that the attacks were from more than 100 servers located in six countries of the world. Sberbank's protection and technologies allow you to successfully repel such attacks. If such attacks were carried out on the servers of another company, the consequences could be significant. "

2016: Sberbank repelled 74 DDoS attacks in 2016

Sberbank recorded 74 DDoS attacks on its systems in 2016. This was announced at the end of the year by the deputy chairman of the board of Sberbank Stanislav Kuznetsov.

According to Kuznetsov, large attacks on the bank are carried out every week or once every 10 days. In December, hackers attacked Sberbank 6 times. The credit institution manages to prevent almost 100% of skimming attempts (theft of card data using a special reader).

At the same time, Kuznetsov stressed that skimming has now become rarely used by cybercriminals.

There are no new elements of fraud, we continue to record special risks for companies that are not engaged in cybersecurity. We record attempts to withdraw several million rubles about once a week, "he said.

However, in December, the bank did not record major losses of Russian companies. In particular, the reduction of damage occurs as a result of more coordinated work of law enforcement agencies with credit institutions.

Notes