Finland experiences surge in DDoS attacks as Nordea targeted repeatedly

This autumn, Finland has witnessed an unusually high number of distributed denial-of-service (DDoS) attacks, according to Traficom’s Cybersecurity Center. Since August, over 50 such incidents have been reported, compared to just over 20 cases between March and July.

Cybersecurity expert Samuli Könönen attributes the increase in reported incidents to heightened publicity surrounding attacks targeting Nordea. This may have led other organizations to be more vigilant and report attacks. Nordea has faced several extensive DDoS attacks throughout September and October, with the most recent occurring on a Friday evening. The bank suspects that these attacks are orchestrated by an organized group aiming to disrupt societal stability. The National Bureau of Investigation (KRP) is currently examining the cases as severe telecommunications disturbances, and legal experts have noted that these attacks might meet the criteria for terrorism offenses.

Könönen also pointed out that the cases reported to the Cybersecurity Center represent only a small fraction of the actual DDoS incidents occurring in Finland. In reality, there are thousands of these attacks daily, many of which are so brief and weak that the service providers might not even notice them. He stated, “A DDoS attack lasting weeks is exceptional from our perspective.”

In a DDoS attack, the operation of a web service is hindered by overwhelming it with traffic from multiple sources, making normal access impossible. While most attacks do not result in significant disruption, they typically cause a temporary slowdown. The Cybersecurity Center estimates that over 60% of these attacks are directed at governmental entities, with attackers often motivated by political reasons related to decisions made by the target country’s government or a company’s business expansion plans. In some cases, the exact motive of the attacker remains unclear.