[BreachExchange] DDoS attack from Anonymous Catalonia cripples Bank of Spain website

Destry Winant destry at riskbasedsecurity.com
Mon Sep 3 07:59:40 EDT 2018


https://www.hackread.com/ddos-attack-anonymous-catalonia-cripples-bank-of-spain-website/

The official website of Banco de España (Bank of Spain), which is the
central bank of the country, was hit by a Distributed Denial of
Service (DDoS) attack on Sunday. The attack potentially disrupted the
website’s operations and it became inaccessible at the beginning of
the week. The attack, reportedly, has been claimed by the notorious
hackers collective Anonymous Catalonia.

According to reports, the attack was launched on Sunday and it
continued until Monday. It was revealed by Anonymous Catalonia that
the attack was part of its #OpCatalonia campaign. It is basically a
campaign initiated to protest the detention of Catalan political
leaders to repel the region’s struggle for independence that started
in 2017.

The hacktivist group utilized the ‘TangoDown’ hashtag, which it
frequently uses to post on Twitter, to announce that a DDoS attack was
successfully launched. The group also posted a proof that showed that
the server hosting the central bank of Spain’s website was down around
the globe.

According to the bank’s spokesperson, the attack couldn’t affect the
services or communications of the bank with other institutions
including the European Central Bank. In an interview, the spokesperson
stated that:

“It is a denial of service attack that intermittently affects access
to our website, but it has had no effect on the normal functioning of
the entity.”

Although the website remained down throughout Monday and until Tuesday
afternoon but it wasn’t clarified by the authorities whether it was
down because the attack was ongoing, due to precautionary measures or
the website was recovering from the damage of the attack.

It is worth noting that the bank of Spain is a non-commercial bank,
and doesn’t offer on-site or online services. That’s why its
communication with the European Central Bank wasn’t affected. However,
to mitigate these kinds of threats, banks and financial institutions
must invest in real-time protective measures that are capable of
detecting DDoS attacks prior to these are successful.

The bank’s website is now back online. Hacktivists often rely upon
DDoS attacks to protest against any incident. The Bank of Spain is
only one of the victims of the Anonymous Catalonia hacktivist group.
The protest campaign #OpCatalonia was launched by the group on August
19.

On August 20, the group initially launched an attack on the website of
the Spanish government and focused initially on attacking Spain’s
foreign ministry, economy, and Constitutional Court’s official
websites. On August 26, the Bank of Spain’s website was attacked. So,
we can assume that there might be more fireworks coming up for the
Spanish government.


More information about the BreachExchange mailing list