Difficult times for banks due to DDoS

  • Katrin Graewe
  • February 5, 2018


Difficult times for banks due to DDoS

In late January 2018, no less than 3 of the largest banks of the Netherlands were hit. There were also DDoS attacks directed at the country’s tax office. Among the various economic sectors, the financial industry faces cyber-attacks most frequently. Globally, only government IT structures fall victim to even more attacks.

Dangers of DDoS for the financial industry

Since banks and other providers of financial services perform an important function within a country’s infrastructure, they face particularly high cyber-risks. By supplying cash, managing payment transactions and providing extensive loan services, the industry’s role in society is crucial. Also, it controls considerable funds. To gain access to these funds, attackers rely increasingly on DDoS attacks, a critical threat to the business of both direct banks and traditional banks with a network of branches. One of the largest outages occurred in Great Britain in January 2017.

Multi-day service interruption costs Lloyds Bank £190,000

In early 2017, the British Lloyds Banking Group experienced a service interruption lasting for more than a day following DDoS attacks. Halifax Intermediaries and the Bank of Scotland were also affected. Between January 11 and 13, more than 20 million customers could not access online banking services or make transfers. As the outage entered its second day, the bank admitted it was caused by DDoS attacks launched by an extortionist. The perpetrator demanded a “consultancy fee” in the amount of £75,000 from Lloyds to be paid in bitcoins. The bank did not give in to the extortionist’s demands, and the IT department managed to mitigate the infrastructure overload without outside help. Damages are estimated to amount to £190,000. The offender has since been arrested and put on trial.

Revenge as a possible motive for attacks on Dutch banks

Days after the attacks on providers of financial services in the Netherlands, the question of who is behind the incidents is a matter of mere speculation. The media was quick to link the story to revelations that Dutch intelligence is assumed to have surveilled Russian hackers. If this turns out to be true, it might make sense to consider revenge as the motive for the DDoS attacks.

The attacks on the bank ABN Amro started on January 27 and resulted in some online service outages. The banks ING and Radobank were hit the following Monday, with similar results. The Dutch tax office went offline the same day. Initial analyses indicate attack bandwidths of up to 40 Gbps generated by the Zbot malware. Tuesday saw more attacks, but this time IT security was able to fend them off more effectively. Still, there were brief outages of the iDeal payment system.

DDoS Attacks on banks are commonplace

Lloyds Bank, ABN Amro, ING and Radobank are part of a long series of banks falling victim to DDoS attacks.

February/March 2017: On February 18, unidentified offenders give DNS requests sent to the Trump Organization the appearance of coming from the Russian Alfa-Bank. The multitudes of response packages from the Trump servers hit the IT infrastructure of the Russian provider of financial services hard. The same strategy is employed again with greater intensity on March 11 and 13.

November 2016: 5 large banks in Russia are hit by heavy DDoS attacks. The websites of Sberbank, Alfa-Bank, the Bank of Moscow, Rosbank and the Moscow Exchange are down for hours.

September 2016: In revenge for the Austrian government’s Turkey policy, the Turkish nationalist hacker collective Aslan Neferler Tim attacks the Austrian National Bank. The attack was repelled.

August 2016: The website of the Bank of Israel is taken down by a DDoS attack by the Ghost Squad Hackers group.

May 2016: Under the hashtag #OpIcarus, more than 150 central banks, financial platforms and institutions around the globe, including the US Federal Reserve, the Bank of England and the London Stock Exchange, are targeted by Anonymous activists.

February 2016: The largest Australian bank, the Commonwealth Bank of Australia, is under attack. A bored 15-year-old who wanted to try a DDoS attack for fun is behind the 3-hour outage.

January 2016: The British bank HSBC falls victim to a DDoS attack. For over 10 hours, millions of customers have no access to online and mobile banking services.

November 2015: Sberbank, a direct bank active in the Baltic states, is offline for several hours. Customers have to use a temporary URL for online banking.

Strict regulation for finance as a critical-infrastructure sector in Germany

In Germany, companies in the financial sector are part of the critical national infrastructure and thus subject to strict regulation designed to protect them from cyber-attacks and maintain availability of their critical services. For example, these organizations are required to have a reporting system in place to alert the German Federal Office for Information Security of relevant incidents. In addition, financial-service providers are strongly encouraged to implement state-of-the-art IT security measures and make sure they are properly enforced. To effectively repel overload attacks, many businesses in the industry already rely on security monitoring and dedicated DDoS protection solutions.

Cybersecurity 500 list includes Link11 as one of the global drivers of innovation
Successful once again: one morer prize for DDoS protection from Link11
This site is registered on wpml.org as a development site.