Cyber Incident Victim: Sparebank 1
Date:
Jul 2014
Location:
Norway
Summary
A distributed denial-of-service (DDoS) attack targeted multiple Norwegian financial institutions and a major telecommunications company, including Sparebank 1, disrupting online services and causing login difficulties for customers. The attackers exploited a WordPress security flaw and other unspecified methods to overwhelm systems, with an IT provider noting the unprecedented scale against critical finance sector entities. While Anonymous Norway initially claimed responsibility via a message emphasizing awareness of IT security vulnerabilities, the group later denied involvement on social media, attributing the attacks to unskilled actors using readily available botnets. Technical experts confirmed the low technical barrier to executing such attacks, requiring only financial resources to rent malicious infrastructure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On July 8, 2014, multiple Norwegian financial institutions and businesses, including Sparebank 1, were targeted in coordinated distributed denial-of-service (DDoS) attacks. The attacks began in the morning, initially disrupting DNB, Norway’s largest financial services group, whose website experienced partial downtime due to junk traffic flooding its systems. Customers reported login difficulties during this outage, which lasted slightly over an hour. The attackers expanded their targets throughout the day, focusing on Norges Bank, Sparebank 1, Storebrand, Gjensidige, Nordea, Danske Bank, Telenor, and other entities. IT service provider Evry, which delivered approximately one-third of Norway’s IT services, confirmed the attacks affected more than eight financial sector organizations simultaneously—a first in terms of scale and coordination within Norway’s finance industry. Attackers exploited a known security vulnerability in WordPress to generate malicious traffic directed at Evry’s servers and its clients, though Evry noted additional unspecified methods were also employed.
Norwegian media outlet Dagens Næringsliv received a message from individuals claiming to represent Anonymous Norway, which cited the attacks on Norges Bank and others as part of an effort to "wake up" the public to inadequate IT security defenses. The message included Anonymous’s signature rhetoric but provided no concrete political or financial motives. However, Anonymous Norway’s Twitter account later disavowed responsibility, attributing the attacks to unskilled "script kiddies" lacking advanced tools. National Security Authority (NSM) technical director Roar Thon corroborated the low technical barrier to executing such attacks, stating that DDoS operations could be rented via botnets using only a credit card and malicious intent. The incident highlighted systemic vulnerabilities, as Norges Bank was unaware of its website’s downtime until after Anonymous’s claim was received. No specific containment measures or technical responses from the affected organizations were detailed in available reports.