Dutch Banks and Tax Office Hit by DDoS Attacks

Three of the Netherlands’ leading banks together with the national tax office was affected by a DDoS attack over the weekend which has been attributed to the Russian hacking group, Cozy Bear.

Dutch media reports confirmed that three of the country’s most prominent banks, together with the Dutch tax office were affected by a crippling distributed denial of service (DDoS) attack over the past weekend. Affected banks include Rabobank, ABN Amro, and ING who have all confirmed that they fell victim to DDoS attacks over the weekend which affected their mobile banking apps and ensured that their online banking was offline temporarily.

Rabobank confirmed this information in a Tweet earlier this week. In addition, ABN Amro confirmed that they fell victim to a DDoS attack that lasted three hours on 27 and 28 January, respectively. ING stated that their servers experienced a DDoS attack this last Sunday. Since the attacks, however, all three banks have taken steps to reassure their clients that their internal systems were not compromised and that all customer information and accounts remained secure.

However, the attack campaign was not exclusive to banks. The national tax office confirmed that they experienced a DDoS attack which affected its website for a period of 10 minutes on 29 January. In addition, DigiD, which is the official Dutch online signature system, was also affected by the attack.

Interestingly, these attacks follow shortly after Dutch news outlets reported that the country’s intelligence service, AIVD, successfully conducted espionage on the notorious Russian hacking group, Cozy Bear or APT29.

Cozy Bear has previously been linked to a slew of famous cyber attacks such as a hack that targeted and subsequently compromised the 2016 United States presidential election. The group also has affiliations with another hacking group, Fancy Bear (APT28).

Last week, news Dutch publications Nieuwsuur and De Volkskrant, stated that the AIVD successfully accessed camera footage of a space in Moscow where the hackers are based. This allowed the intelligence agency to monitor the location: a university building close to the Red Square.

Despite this coincidence, it has not yet been confirmed whether this latest slew of DDoS attacks can be attributed to the hacking group. If nothing else, the attack campaign should perhaps serve as a reminder as to the importance of sufficient DDoS protection measures.

According to Rickey Gevers, an expert in the field of cybersecurity, so far the only link between the two incidents is timing. Gevers added that it will be easy to find the culprit if the culprit is an individual. However, it will be impossible to definitely attribute to state-sponsored hackers.

In addition, the Dutch intelligence agency has since lost access to the hacking’s groups specific network.

The Dutch central bank, DNB’s, president, Klaas Knot, recently addressed the latest cyber attacks during a Dutch television programme, Buitenhof. According to Knot, attacks of this scale are merely part of modern life, and cannot ensure irreparable damage or harm.