[BreachExchange] Bank of Spain Reveals Its Website Suffered a DoS Attack

Destry Winant destry at riskbasedsecurity.com
Wed Aug 29 09:28:58 EDT 2018 

https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/bank-of-spain-reveals-its-website-suffered-a-dos-attack/

The Bank of Spain revealed that bad actors used a denial-of-service
(DoS) attack to temporarily disrupt access to its website.

On 27 August, a spokesperson for Spain’s central bank disclosed the
attack. They clarified that that incident didn’t affect the Bank’s
services or its communications with other institutions, including the
European Central Bank – an institution from which digital attackers
stole customer data back in 2014 as a means of extortion.

The spokesperson also made clear that the Bank of Spain, the national
supervisor Spain’s banking system and a member of the European System
of Central Banks, was at no risk of a data breach as a result of the
attack.

“It is a denial of service attack that intermittently affects access
to our website, but it has had no effect on the normal functioning of
the entity,” the spokesman said, as quoted by Reuters.

The Bank of Spain represents the latest organization in the banking
industry to be targeted by digital attackers. In May, online
malefactors abused a software vulnerability to transfer more than 300
million pesos (over US $15 million) out of Mexican banks.

That was just a few months before malicious hackers planted malware on
an automated teller machine (ATM) server belonging to an Indian bank
as part of a criminal scheme which saw the theft of nearly 944 million
rupees (US $13.5 million) in a coordinated attack across 28 countries.

The campaigns discussed above, including the DoS attack against the
Bank of Spain’s website, illustrate bad actors’ ongoing interest in
targeting financial institutions. Fortunately, organizations in
financial services can protect themselves against these threats by
investing in a robust digital security solution.

Tripwire’s products, for example, can help financial organizations
strengthen their security to maintain continuous availability of
services, automate their compliance with relevant data protection
standards and use security controls to defend against digital attacks.
Learn more here.

More information about the BreachExchange mailing list