In early 2024, cyber attackers shifted their approach when targeting Russian financial institutions. This observation came from Daniil Bobryshev, who leads product development for network and IT infrastructure protection against DDoS in Servicepipe. He described the shift as a move toward more aggressive campaigns against banks, reflecting a broader evolution in assault patterns observed by security experts and researchers across the sector.
According to Bobryshev, the Servicepipe team detected a growing trend of all-encompassing cyber onslaughts, sometimes described as carpet attacks, where multiple resources of a credit organization are hit almost simultaneously. The aim is to overwhelm defenses by saturating essential services at once, forcing disruption across the institution rather than concentrating on a single target or system.
The expert highlighted that attackers are increasingly probing the most exposed Internet services within credit unions. VPN gateways and remote maintenance interfaces emerged as common entry points, with a disproportionate share of attack traffic aimed at these interfaces. By concentrating on these accessible weaknesses, attackers seek to gain a foothold inside the network and maximize damage with limited effort, leveraging known vulnerabilities in remote access configurations.
Bobryshev also noted a shift in attack sequencing. He said that, compared with strategies from the previous year, attackers no longer proceed through a network in a linear, service-by-service fashion. Instead, they launch coordinated strikes that target multiple services in a rapid, overlapping manner. The result is a higher likelihood of disruption across critical operational layers, complicating incident response and extending recovery times for financial institutions.
Historical context remains relevant for understanding current threats. There was a notable incident when the Mir payment system operator’s website endured a cyber attack, underscoring the persistent risk to payment networks and their online interfaces. Such events illustrate how a single breach can ripple across payment ecosystems, affecting consumer confidence and the reliability of digital transactions used daily by individuals and businesses alike.
Additionally, authorities and industry observers have reported cases where Russian threat actors targeted European financial and monetary infrastructure, including incidents involving the European Investment Bank. These patterns highlight the international scope of modern cyber operations and the way attackers leverage cross-border opportunities to compromise financial technology ecosystems and exchange networks that support cross-border transactions and cooperation.