A pro-Russia hacker group, NoName057, said it attacked the websites of various Italian institutions this week, starting with large banks. The hackers said they were reacting to a speech by Italian president Sergio Mattarella that compared Russia's invasion of Ukraine to the "wars of conquest" by the Nazis.
The campaign appears to use a tactic known as distributed denial of service (DDoS), in which a threat actor floods the target website with a huge volume of internet requests. This flood of requests can paralyze the target website if adequate precautions are not in place.
The campaign highlights the highly political nature of many cyberattacks, in which threat actors such as NoName057 target banks and other financial services in reaction to actions and statements by political leaders of the country where those companies operate.
The specific companies NoName057 targeted were investment bank Mediobanca, Banca di Credito Finanziario, financial firm Nexi and private banking firm Intesa Sanpaolo.
Analyst groups have highlighted that this trend, sometimes referred to as hacktivism, has picked up in recent years following Russia's invasion of Ukraine and the geopolitical response to the attack. One such group that has highlighted these attacks is the Financial Services Information Sharing and Analysis Center (FS-ISAC).
"Financial firms in countries that Russia considers hostile have been singled out for attacks and called out by name as targets on Telegram and other hacktivist forums," reads an FS-ISAC report released in 2023. The report also notes such threats have "yet to cause significant impact."
Because many of these hacktivist activities come in the form of DDoS campaigns, banks are often well prepared to defend against them; the industry has spent years learning how to deal with the threat.
Even earlier, in 2011, attackers allegedly acting on behalf of the Iranian government and Islamic Revolutionary Guard Corps went after 46 financial organizations, including Bank of America, the New York Stock Exchange and Capital One. The National Security Agency (NSA) interpreted this attack as a response to Western efforts to stymie Iran's nuclear program.
Since those attacks, protecting against DDoS campaigns has been a well-trodden path for the financial sector, especially in Europe. Banks in that region were the target of
Large banks and credit unions have created multiple lines of defense against DDoS attacks, which have grown in sophistication to target more fundamental systems in the tech stack financial institutions use to serve their digital products, according to Teresa Walsh, FS-ISAC's global head of intelligence. The result is that most members of the group report little to no disruption when a DDoS attack happens.
Nonetheless, what one bank might be able to shrug off might paralyze another. It all depends on how well the institution has invested in protections against DDoS attacks, according to Walsh.