Ukraine’s Monobank hit with massive DDoS attack

22 Jan 2024

Image: © mehaniq41/Stock.adobe.com

The CEO of Monobank claimed the online bank was hit by a massive DDoS attack, which comes roughly one month after the country’s broadband and mobile services were disrupted by a cyberattack on Kyivstar.

Monobank, a major online banking service in Ukraine, has been disrupted by a massive distributed denial-of-service (DDoS) attack, according to its CEO.

The co-founder and CEO of Monobank, Oleh Horokhovskyi, confirmed the attack on Telegram and claimed the attack included 580m requests. He also claimed that Monobank appears to be one of the most attacked IT targets in Ukraine.

The attack did not disrupt the online bank’s services and follows a similar DDoS attack last week, Ukrinform reports.

A DDoS attack is an attempt to make an online service unavailable by overwhelming it with high volumes of data from multiple sources.

It is unclear who is responsible for the cyberattack, but Ukraine has been subject to various cyberattacks over the past couple of years prior to Russia’s invasion of the country. These attacks generally targeted critical infrastructure and intensified as the invasion began.

The end of 2023 saw a disruption to broadband and mobile services in Ukraine, after Kyivstar claimed it was hit by a massive cyberattack from hackers.

Jake Moore, a global cybersecurity advisor with ESET, said that although it has not been officially attributed, “all eyes will be on Russia for successful DDoS attacks on Ukrainian websites causing them to become unusable”.

“Whilst not directly a cyberattack and no data is stolen, distributed-denial-of-service attacks set upon a website with so much traffic that it simply falls over and is not able to withstand the influx,” Moore said. “Websites need to continually monitor for excess traffic as well as constantly bolt on further protection as such attacks evolve to strike with more power each year.”

Multiple reports last year suggest that DDoS attacks are growing significantly in both the volume of attacks and the power behind them. A report by Netscout last year claimed there were 7.9m DDoS attacks in the first half of 2023, with the rise linked to geopolitical issues.

Last year, multiple Big Tech companies shared details about a zero-day vulnerability that was being exploited in massive DDoS attacks. Google said it mitigated a DDoS attack that generated 398m requests per second, while 2022’s record was only 46m requests.

“Threat actors often use vulnerable home smart technology devices around the world such as smart lightbulbs to flood a network,” Moore said. “It is therefore vital that all smart home devices are protected and secured with good passwords and multi-factor authentication with limited remote functionality.”

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com