Operations at multiple banks and telecommunication service providers in Hungary were disrupted due to a distributed-denial-of-service (DDoS) attack launched from servers located in Russia, Vietnam, and China. According to the source, the incident affected the services of Hungarian OTP bank and telecommunications provider Magyar Telekom in certain parts of the capital, Budapest. In a DDoS attack, hackers try to make a targeted system or service unavailable to its users by flooding with unwanted incoming traffic from different sources.
Describing the incident as one of the biggest attacks in Hungary, Magyar Telekom stated that the frequency of data traffic in the current attack was 10 times higher than the amount normally seen in DDoS attacks.
“Russian, Chinese and Vietnamese hackers tried to launch a DDoS attack against Hungarian financial institutions, but they tried to overwhelm the networks of Magyar Telekom as well,” Magyar Telekom said.
DDoS Scare for Banks
DDoS attacks on financial institutions have been on rise. Recently, Australian banking and financial institutions received extortion emails threatening them of possible DDoS attacks against them. The extortioners demanded a ransom that needs to be paid in the form of Monero (XMR) cryptocurrency. The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of this extortion campaign and issued threat advice to all Australian organizations. The Silence Hacking Crew claimed the responsibility of this threat campaign, however, ACSC was not able to confirm these claims until going to print.
Weaponizing Documents for DDoS Attacks
Many industry experts stressed that DDoS attacks have evolved into weaponized instruments used to disseminate ransomware, as well as launch disruptive attacks against their targets. Attack vectors targeted for weaponization include mobile devices, documents, browsers, with the current favorite being IoT devices. The researchers from Sophos discovered a weaponized document serving the dual purpose of delivering ransomware to the system, as well as exploiting it for potential DDoS attacks. The weaponized document was sent as a spear phishing email which upon opening launched Microsoft Word and initiated embedded macros, which enabled elevated privileges for the malicious document to execute an encoded VBscript.