Cyber Incident Victim: Banca di Credito Cooperativo
Date: May 2023
Location: Italy
Summary
The BCC Credito Cooperativo experienced a distributed denial-of-service (DDoS) attack that overwhelmed its website with illegitimate traffic, rendering it inaccessible to legitimate users. The attack, attributed to the NoName057(16) group, lasted approximately four hours and focused on service disruption rather than data compromise or permanent infrastructure damage. Normal service functionality was restored once the malicious traffic subsided and was mitigated by security countermeasures.

| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 5 motives | 1 technique |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |

Description
On or around May 28, 2023, the website of Banca di Credito Cooperativo di Roma (BCC Roma) was subjected to a cyber attack. The attack was claimed by the group known as NoName057(16). The specific type of attack executed against the bank's website was a Distributed Denial of Service (DDoS). The primary objective of this attack was to render the bank's online services unavailable to its legitimate users by overwhelming its web infrastructure with a massive volume of illegitimate traffic.

The attack was carried out using a botnet, which is a network of compromised computers under the control of the attackers. This botnet was used to simultaneously send a high number of requests to the BCC Roma web servers and network components. The sheer volume of this traffic was designed to consume the target system's resources to the point where it could no longer respond to legitimate user requests, effectively taking the website offline. The group NoName057(16) publicly stated they had successfully "killed" the bank's site as a result of their actions.
This incident was part of a broader campaign of DDoS attacks conducted by NoName057(16) against Italian targets. The attack on BCC Roma was not an isolated event but rather one in a series of disruptive actions aimed at organizations within Italy. The duration of this specific DDoS attack was approximately four hours, which is consistent with the typical attack patterns employed by this group. After this period, the volume of malicious traffic subsided or was successfully mitigated, allowing the bank's website to resume normal operation.
While DDoS attacks do not typically result in direct damage to infrastructure or the permanent loss or theft of data, they are designed to cause significant service disruption. The immediate impact of this attack was the unavailability of the BCC Roma website for its customers and the public for the duration of the incident. Such unavailability can prevent customers from accessing their accounts online, obtaining information about bank services, or conducting financial transactions, leading to operational inconvenience and potential reputational harm.
The article did not specify the exact technical countermeasures deployed by BCC Roma during or immediately following the attack. However, general mitigation strategies for DDoS attacks include filtering malicious traffic, allocating additional server resources to handle the increased load, and employing specialized DDoS mitigation services provided by third-party cybersecurity firms. Internet service providers and organizations often utilize detection and prevention systems to identify and mitigate ongoing attacks in a timely manner. It is common for financial institutions to engage with such service providers to ensure rapid response to these types of incidents.
In the context of web-based attacks, the article also discussed Slow HTTP attacks, which are a specific subtype of denial-of-service attack. A Slow HTTP attack, such as HTTP Slowloris, exploits vulnerabilities in how servers manage HTTP connections. The attacker sends partial HTTP requests to the server but never completes them. This forces the server to keep these connections open while waiting for the requests to finish, thereby consuming available connection slots and preventing legitimate users from establishing a connection. While the article provided extensive background on this specific attack vector, it did not state that a Slow HTTP attack was used against BCC Roma; the primary method described for this incident was a volumetric DDoS attack.
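The Slow HTTP behaviour described above can be spotted from a server's connection table. The following is an added example, not taken from the article or from BCC Roma's tooling; the record fields, thresholds and sample connections are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Assumed thresholds for illustration; tune to the server's real limits.
HEADER_DEADLINE_S = 10.0   # max time allowed to finish sending request headers
MIN_RATE_BPS = 50.0        # below this byte rate a pending request counts as slow
PER_CLIENT_LIMIT = 3       # stalled connections tolerated per client address

@dataclass
class Conn:
    client: str                       # source address (documentation ranges below)
    opened_at: float                  # seconds, when the connection was accepted
    bytes_in: int                     # request bytes received so far
    headers_done_at: Optional[float]  # None while the header block is incomplete

def stalled(conn: Conn, now: float) -> bool:
    """True if the request is still incomplete past the deadline and trickling."""
    if conn.headers_done_at is not None:
        return False
    age = now - conn.opened_at
    return age > HEADER_DEADLINE_S and conn.bytes_in / age < MIN_RATE_BPS

def assess(conns: list[Conn], now: float, max_slots: int) -> dict:
    """Summarise how many connection slots stalled requests are holding."""
    held = Counter(c.client for c in conns if stalled(c, now))
    return {
        "stalled": sum(held.values()),
        "slot_share": sum(held.values()) / max_slots,
        "offenders": sorted(ip for ip, n in held.items() if n > PER_CLIENT_LIMIT),
    }

# Constructed sample: one client holds 6 trickling requests, the rest behave normally.
SAMPLE = (
    [Conn("198.51.100.7", float(i), 120, None) for i in range(6)]
    + [Conn("203.0.113.20", 55.0, 640, 55.2),   # headers completed quickly
       Conn("203.0.113.21", 58.5, 300, None),   # just opened, still within deadline
       Conn("203.0.113.22", 10.0, 90, None)]    # one slow client, under the per-client limit
)

if __name__ == "__main__":
    print(assess(SAMPLE, now=60.0, max_slots=20))
```

The per-client limit keeps a single genuinely slow client from being flagged while still surfacing an address that holds many incomplete requests at once.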
The resumption of normal service after about four hours indicates that the attack was either stopped by the attackers or that the bank's defensive measures, potentially including those mentioned like traffic filtering or third-party mitigation services, eventually proved effective. The financial and operational consequences for BCC Roma were not detailed in the provided source material, though it is acknowledged that DDoS attacks can cause serious disruptions and financial losses for affected businesses and organizations. The incident served to highlight the persistent threat that DDoS attacks pose to the availability of critical online services in the banking sector.
