In response to the Reuters report that the Bank of Spain is under a DDoS attack, IT security experts commented below.
Andrew Lloyd, President at Corero Network Security:
“Worryingly, as of right now (Tuesday afternoon local time), their website (www.bde.es) remains offline despite the attack having started on Sunday. Whether this is as a result of an ongoing attack, recovering from any resulting damage or as a precaution pending a forensic investigation is not clear.
“The recent guidance from the Bank of England (BoE) requires banks to have the cyber-resilience to “resist and recover” with a heavy emphasis on “resist”. The BoE guidance is a modern take on the old adage that “prevention is better than cure”. Whatever protection the Bank of Spain had in place to resist a DoS attack has clearly proven to be insufficient to prevent this outage.
“Corero continues to recommend that banks and other financial institutions invest in real-time protection that can detect and instantly mitigate attacks before they compromise systems and impact customer service.”
Ilia Kolochenko, CEO at High-Tech Bridge:
“DDoS attacks can be easily hired on the Dark Web for very small dollar amounts, while payment in crypto-currencies make them virtually uninvestigatable. Anyone can be behind it, from a disgruntled employee, unhappy customer or even a DDoS-for-hire service making this type of “ad” on a live website simply to demonstrate their capacities. By definition, a DDoS attack cannot compromise any systems or sensitive data, therefore customers should not worry. However, frequently DDoS attacks are used as a distracting maneuver for IT security teams, while cybercriminals are exfiltrating data from the company. Thus the incident should be mutinously investigated.”