At least three Dutch banks and the Dutch tax office reported on Monday suffering coordinated DDoS attacks against their respective infrastructures.
ABN AMRO, Rabobank, and ING Bank officials reported suffering DDoS attacks that prevented customers from logging into web-based dashboards.
The DDoS attack on ABN AMRO started on Saturday, per the bank’s statement, while the other two banks were hit on Monday.
Also on Monday, Belastingdienst —the Dutch Taxation Authority— also admitted suffering a DDoS attack that prevented users from logging into its web portal and filing tax-related documents.
DDoS attack reached 40 Gbps
Citing sources, Dutch security researcher Rickey Gevers claimed the attacks reached a peak of 40 Gbps in volume.
He also said the attacks came mainly from IP addresses associated with home routers. A report by NL Times citing sources with antivirus vendor ESET claimed some of the DDoS attacks were also carried out using the Zbot malware, a known (desktop-based) banking trojan based on the old ZeuS banking trojan.
The same report claimed the command and control servers for this botnet were based in Russia.
Many fear DDoS attack is repercussion for last week’s exposé
The Dutch media’s obsession with Russia is not accidental. Last week, Dutch newspaper Volkskrant and TV station NOS published a report claiming that the country’s AIVD intelligence service compromised the computer of a hacker part of Russian-based cyber-espionage group Cozy Bear (also known as APT29).
The report claim AIVD agents spied on the cyber-espionage unit since 2014 and observed how Russian intelligence services hacked into DNC servers during the 2016 US Presidential election.
Journalists said AIVD identified individuals part of the Cozy Bear cyber-espionage unit and even watched Russian hackers through the webcams on the compromised PC.
Many Dutch officials now fear the DDoS attacks are just the first of the many Russian cyber-attacks that will come as retaliation for last week’s revelations.
Something similar happened in 2015 when the Dutch Safety Board (DSB) was attacked by another Russian cyber-espionage unit —Fancy Bear (aka APT28). Those attacks came as Dutch authorities were investigating and later issued a report blaming the crash of flight MH17 in Ukraine on a military missile fired at the aircraft by pro-Russian rebels.