Category: Adversary Intelligence
Industry: Finance & Banking
Motivation: Hacktivism
Country: India
Source*:
D: Not usually Reliable
6: Difficult to Say
Executive Summary
- On 16 May 2023, CloudSEK’s contextual AI digital risk platform XVigil discovered a threat actor group claiming to have conducted a DDoS attack on 44 Indian banking and finance websites.
- The actor framed the attack as retaliation in the ongoing cyber conflict between Indian hacktivist teams such as Team UCC Operations, Indian Cyber Force and CyberXForce, and hacktivist teams from Pakistan and Malaysia.
- As proof of a successful DDoS attack, the actor attached evidence to the Telegram post in the form of links to check-host.net.
- Check-host.net is a web utility that reports in real time whether a domain or IP address is reachable and responsive when a user attempts to connect to it.
Information from the Post
The Indian banking and finance websites targeted by the hacktivist group in this incident are:
- www.bankwithus.in
- www.iba.org.in/
- www.iob.in/
- www.idbibank.co.in (D)
- www.unionbankonline.co.in (D)
- www.netbanking.indianbank.in
- Centralbank.net.in (D)
- bankofindia.co.in
- Unionbankofindia.co.in (D)
- Bankersdaily.in (D)
- bankofmaharashtra.in
- www.employmentbankwb.gov.in
- Allahabadbank.in (D)
- Nainitalbank.co.in (D)
- cosmosbank.in
- Bankcontact.in (D)
- Sscbankgk.in (D)
- www.bankingcareers.in (D)
- finopaymentbank.in
- bankerschoice.in
- Dhanbank.in (D)
- Allbankcare.in (D)
- bankura.gov.in
- Unitedbank.co.in (D)
- apexbank.in
- Centralbank.co.in (D)
- canarabankcsis.in
- Dohabank.co.in (D)
- www.ippbonline.com/
- www.bankofbaroda.in
- bankexamtips.in
- buybankpocourse.in
- Indianbankcreditcard.in (D)
- bankmantra.in
- www.indbankguru.in
- www.bankingfinance.in (D)
- 99banks.in
- bankerz.in
- Bankpower.in (D)
- www.bankinfosecurity.in
- bccbank.in
Note: At the time of writing this report, many banks had functioning websites again. However, 18 banks were still experiencing website downtime and were unresponsive. (D) above marks a website that was observed to be down.
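The list above mixes capitalisation, `www.` prefixes and trailing slashes, which matters when an analyst re-checks availability or compares the claim against other sources. The following is an added example (not code from the CloudSEK report) that parses entries in the post's format, normalises each target to a bare hostname, de-duplicates variants and counts the entries flagged (D). The embedded list is a constructed subset of the report's targets, in the same format.

```python
"""Normalise a target list pasted from a hacktivist claim.

Added example, not part of the CloudSEK report: turns lines such as
"- www.idbibank.co.in (D)" into {hostname: downtime_flag}, de-duplicates
case, scheme and 'www.' variants, and lists the hosts marked (D).
"""
import re
from urllib.parse import urlsplit

# One list entry: "- <target>" optionally followed by "(D)" (observed down)
ENTRY_RE = re.compile(r"^\s*-\s*(?P<target>\S+)\s*(?P<down>\(D\))?\s*$")

# Constructed subset of the report's list, including a deliberate
# case-variant duplicate (Centralbank.net.in / centralbank.net.in).
SAMPLE_LIST = """\
- www.bankwithus.in
- www.iba.org.in/
- www.idbibank.co.in (D)
- Centralbank.net.in (D)
- centralbank.net.in
- Bankersdaily.in (D)
- not a target line
"""


def normalize_host(target):
    """Lower-case the host and strip scheme, 'www.' prefix, path and slash."""
    if "://" not in target:
        target = "http://" + target          # let urlsplit find the host
    host = (urlsplit(target).hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    return host


def parse_target_list(text):
    """Return {hostname: True if any entry for that host is marked (D)}."""
    seen = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue                          # skip lines not in list format
        host = normalize_host(m.group("target"))
        if not host:
            continue
        down = m.group("down") is not None
        # a host stays flagged down if any duplicate entry says so
        seen[host] = seen.get(host, False) or down
    return seen


def downtime_summary(text):
    """Count distinct hosts and list those flagged as down, sorted."""
    hosts = parse_target_list(text)
    return {"total": len(hosts),
            "down": sorted(h for h, d in hosts.items() if d)}


if __name__ == "__main__":
    print(downtime_summary(SAMPLE_LIST))
```

The normalised hostnames are what an analyst would feed into an availability probe to confirm or refute the (D) markers independently of the actor's check-host.net links.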
Threat Actor Activity and Rating
Impact & Mitigation
Impact
- A DDoS attack can leave a website more vulnerable, as some security features may be offline for its duration.
- Damaged infrastructure can cause the collapse of the services provided by the website.
- Website downtime or slow loading times can result in lost revenue, reputational damage and frustration for users.
- Users are unable to access important online services, such as online banking.
Mitigation
- Deploy load balancers to distribute traffic.
- Enable rate-limiting mechanisms.
- Configure firewalls and routers to filter and block traffic.
- Utilize content delivery networks (CDNs) to distribute traffic.
- Implement bot-detection technologies and algorithms to identify large-scale web requests from botnets employed by actors to conduct DDoS attacks.
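To make the rate-limiting and bot-detection items concrete, here is an added example (not from the CloudSEK report or any product it mentions) of a sliding-window request counter applied to web server access logs in Common Log Format. It flags source IPs that exceed a request threshold inside a time window, which is the basic check behind rate limiting and behind spotting a botnet's uniform request floods. The log lines, IP addresses, threshold and window are constructed sample values; the script assumes lines arrive in timestamp order.

```python
"""Per-source request-rate detection over web access logs.

Added example, not from the CloudSEK report: a sliding-window counter that
flags client IPs exceeding `limit` requests within `window_seconds`.
All log lines and addresses below are constructed sample data.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format: ip ident user [timestamp] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: 198.51.100.7 sends eight requests in eight seconds
# (a flood relative to the limit below), 203.0.113.5 sends two, and one
# malformed line is included to exercise the parser.
SAMPLE_LOG = [
    f'198.51.100.7 - - [16/May/2023:10:00:0{i} +0000] "GET /login HTTP/1.1" 200 512'
    for i in range(8)
] + [
    '203.0.113.5 - - [16/May/2023:10:00:03 +0000] "GET / HTTP/1.1" 200 1024',
    '203.0.113.5 - - [16/May/2023:10:00:09 +0000] "GET /balance HTTP/1.1" 200 2048',
    'garbage line that does not parse',
    # same source much later: its earlier requests have left the window
    '198.51.100.7 - - [16/May/2023:10:00:30 +0000] "GET /login HTTP/1.1" 200 512',
]


def parse_line(line):
    """Return (ip, datetime, request) or None for a line that is not CLF."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), m.group("req")


class SlidingWindowLimiter:
    """Keeps recent request timestamps per IP; reports when the limit is exceeded."""

    def __init__(self, limit, window_seconds):
        self.limit = limit
        self.window = window_seconds
        self.hits = defaultdict(deque)

    def record(self, ip, ts):
        """Register one request; True means this request should be throttled."""
        q = self.hits[ip]
        q.append(ts)
        # evict timestamps older than the window relative to this request
        while q and (ts - q[0]).total_seconds() > self.window:
            q.popleft()
        return len(q) > self.limit


def find_abusive_sources(log_lines, limit=5, window_seconds=10):
    """Map each IP to the number of its requests that exceeded the limit."""
    limiter = SlidingWindowLimiter(limit, window_seconds)
    throttled = defaultdict(int)
    for line in log_lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                      # unparseable lines are skipped
        ip, ts, _ = parsed
        if limiter.record(ip, ts):
            throttled[ip] += 1
    return dict(throttled)


def analyze_sample():
    """Run the detector over the constructed sample with limit=5 per 10 s."""
    return find_abusive_sources(SAMPLE_LOG, limit=5, window_seconds=10)


if __name__ == "__main__":
    print(analyze_sample())
```

In production this logic sits in front of the application (a reverse proxy, load balancer or WAF) rather than in a log post-processor, but running it over historical access logs is a quick way to tune the limit and window before enabling enforcement, so that legitimate bursts from shared NAT addresses are not blocked.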
References