A recent cyber attack targeted the websites of Denmark's central bank and several private banks in the country. The attack, which was carried out using a type of attack known as a distributed denial of service (DDoS), aimed to disrupt access to the targeted websites by directing a large amount of traffic to their servers.
The DDoS attack first affected the website of Bankdata, an IT firm that provides solutions for the financial industry, and subsequently caused brief restrictions on the access of seven private banks' websites. These banks included Jyske Bank and Sydbank, two of Denmark's largest financial institutions.
Both Sydbank and Jyske Bank confirmed the attack on their respective websites, with Jyske Bank noting that some customers had experienced issues accessing the website on the day of the attack. It is not clear who is behind the attack or what their motivations were. Distributed Denial of Service (DDoS) attack is a type of attack where multiple systems, often infected with a Trojan, are used to target a single system causing a Denial of Service (DoS) attack. Such an attack is usually launched using botnets, networks of malware-infected devices controlled remotely by an attacker, in order to flood the target system with an overwhelming amount of traffic. We heard from Rick McElroy, Principal Security Strategist, VMware, who shared just how common financial institutions are targeted by attacks of similar nature and the motives of threat actors: "The recent DDoS attack on Denmark’s central bank and an IT partner once again proves that the financial services industry is a prime target for cybercriminals. Our data shows nearly 2 out of 3 financial institutions have experienced an increase in destructive attacks aimed at destroying data and dismantling subnets in this sector. However, the main motive of the attack on Denmark’s banking industry appears to be disruption – impacting daily operations for the businesses and society at large. As the financial industry continues to be at a heightened risk of attacks ranging from DDoS to ransomware to island hopping, these institutions plan to increase their cybersecurity budget by upwards of 30 percent."