The attacks, which affected the Swedish Armed Forces (Försvarsmakten), several large banks and media outlets, come roughly a month after a similar attack hit Sweden.
“We learned our lesson from the last time around. Then we were down for two hours, now we were back after only 20 minutes,” Niklas Englund, head of Swedish Armed Forces digital media, told The Local.
“We noticed that we were generating more traffic than normal and that our firewall had stopped working.”
Anders Ahlqvist, IT expert at the National Police Board (Rikspolisstyrelsen), told the TT news agency that Swedish websites appear to have become increasingly popular targets of such Distributed Denial of Service (DDoS) attacks.
During a DDoS attack, a website is bombarded with communication requests so that the servers become overloaded and the site crashes.
“It does seem as if Swedish sites have been targeted on a large scale recently,” he said.
The attack or attacks, which began on Monday morning, also targeted Swedish banks, news agency Tidningarnas Telegrambyrå (TT), as well as The Local’s pan-European news network.
The websites of all organizations affected by the attack were left inaccessible for several hours as servers were overloaded with access requests.
Swedish national rail operator SJ also had trouble with its online booking system between 10.30am and 11.50am on Monday, but a spokesperson told The Local they didn’t think the problem was due to an attack.
According to experts, the logs from the TT servers indicated the agency was hit by a so-called botnet attack, in which a large number of hijacked computers are connected in a targeted attack.
Swedish banks Swedbank and SEB, as well as the internet realtor Nordnet, also experienced the effects of the attack.
“They managed to keep us down for a while but we seem to be up again now,” said Swedbank spokesperson Anna Sundblad to newspaper Aftonbladet.
Sweden’s Civil Contingencies Agency (Myndigheten för samhällsskydd och beredskap – MSB) was also targeted in Monday’s attack, as was the Swedish military, which continues to try to improve its defences against cyber attacks.
“We keep developing our systems and we get better and better,” said Englund.
The Armed Forces and The Local were also both affected by an attack which took place about a month ago and was directed at several Swedish sites.
The attack was reported to the police by the Armed Forces, which suspected it may have been carried out by supporters of WikiLeaks founder Julian Assange.
“Attacks of this kind have always been carried out against government agencies, organizations and companies. There doesn’t seem to be a plan behind it. If they are firing against the police or the prosecution authority it is a bit more understandable, but attacking the Swedish National Council for Crime Prevention (Brottsförebyggande rådet – Brå) and the Swedish Courts is more inexplicable,” said Ahlqvist.
When media companies are being targeted it is often presumed that it is because of something that they have published, but according to Ahlqvist this is not necessarily the case.
“If you look at the spread of the attacks it really doesn’t follow a rational pattern. They will test where it might work – who has good protection and who will find it difficult to get back up again,” Ahlqvist said.
It is almost impossible to find out who is in control of these botnets if they don’t choose to claim responsibility.
“These are technically gifted people. And it spans the whole spectrum from individuals, to groups to states,” Ahlqvist told TT.