Bank of Spain hit by a DDoS attack that shut down its website for two days

  • The bank confirmed that none of the its services and communications with the European Central Bank were affected.
  • The bank’s website is currently back online and functioning normally.

The Bank of Spain was hit by a Distributed Denial-of-Service (DDoS) attack on August 26. The attack disrupted access to the bank’s website for days. A spokesman for the bank confirmed the breach. However, the Bank of Spain maintains that none of its services and communications with the European Central Bank or other institutions were affected.

“It is a denial of service attack that intermittently affects access to our website, but it has had no effect on the normal functioning of the entity,” said the bank’s representative, Reuter reported.

“As we are the national central bank of Spain, not a commercial bank, we offer no banking services – on-site or online – to individuals nor firms,” the bank’s spokesperson added, Bank Info Security reported.

Following the attack on August 26, the bank’s website was taken offline till August 28. Although it is not clear whether the site was down due to the ongoing attack or was taken offline by the bank as a precaution, Andrew Lloyd, president of Corero Network Security told SC Media .

“The recent guidance from the Bank of England (BoE) requires banks to have the cyber-resilience to ‘resist and recover' with a heavy emphasis on ‘resist'. The BoE guidance is a modern take on the old adage that ‘prevention is better than cure',” Lloyd said to SC Media.

Commenting on the organization’s security strategy, Lloyd added that the DDoS attack on the Bank of Spain indicates that the organization has insufficient security processes and procedures in place.

Meanwhile, the bank’s website is currently back online and is functioning normally. Although this attack is not believed to have severely affected transactions or users’ data, it serves as a reminder that there is hardly any business entity that is not exposed to cyber attacks.

Cyware Publisher