In a distributed-denial-of-service (DDoS) attack that began on Sunday, 26 August, and extended into today, Spain's central bank was knocked offline. While Banco de Espana struggled to fight off the attack, business operations were not disrupted, according to Reuters.
"We suffered a denial-of-service attack that intermittently affected access to our website, but it had no effect on the normal functioning of the entity," a spokeswoman for Banco de Espana wrote in an email.
DDoS attacks interrupt services by overwhelming network resources. Spain’s central bank is a noncommercial bank, which means that it does not offer banking services online or on site, and communications with the European Central Bank were not impacted.
“Worryingly, as of Tuesday afternoon their website remained offline despite the attack having started on Sunday. Whether this was as a result of an ongoing attack, recovering from any resulting damage or as a precaution pending a forensic investigation is not clear,” said Andrew Lloyd, president, Corero Network Security.
“The recent guidance from the Bank of England (BoE) requires banks to have the cyber-resilience to 'resist and recover' with a heavy emphasis on 'resist.' The BoE guidance is a modern take on the old adage that 'prevention is better than cure.' Whatever protection the Bank of Spain had in place to resist a DDoS attack has clearly proven to be insufficient to prevent this outage."
To help mitigate the risk of a DDoS attack, banks and other financial institutions can invest in real-time protection that can detect attacks before they compromise systems and impact customer service.
As of the time of writing this, the bank's website appears to be back online.