A DDoS Knocked Spain’s Central Bank Offline

A DDoS Knocked Spain’s Central Bank Offline: A distributed-denial-of-service (DDoS) attack that started on Sunday 26 August, and expended into today, the Spain’s central bank was knocked offline. While Banco de Espana who struggled to fight against the attack, business operations were not disrupted, according to Reuters.

“We suffered a denial-of-service attack that intermittently affected access to our website, but it had no effect on the normal functioning of the entity,” a spokeswoman for Banco de Espana wrote in an email.

DDoS attacks that interrupt services by overwhelming the network resources. Spain’s central bank is noncommercial bank, which does mean that they do not offer any banking services online or on the site, and communications with the European Central Bank were not impacted.

“Worryingly, as of Tuesday afternoon their website remained offline despite the attack having started on Sunday. Whether this was a result of an ongoing attack, recovering from any resulting damage or as a precaution pending a forensic investigation is not clear,” said Andrew Lloyd, president, Corero Network Security.

“The recent guidance from the Bank of England (BoE) requires bank to have the cyber resilience to ‘resist and recover’ with a heavy emphasis on ‘resist’.’ The BoE guidance is a modern take on the old adage that ‘prevention is better than cure.’ Whatever protection the Bank of Spain had in place to resist a DDoS attack has clearly proven to be insufficient to prevent this outage.”

To help mitigate the risk of DDoS attack, the banks and other financial institutes needs to invest in the real-time protection which can easily detect the attacks before they compromise the systems and impact their customer’s service.

As of the time of writing this, the bank’s website that appears to be online again.