Since banks and other providers of financial services perform an important function within a country’s infrastructure, they face particularly high cyber-risks. By supplying cash, managing payment transactions and providing extensive loan services, the industry’s role in society is crucial. Also, it controls considerable funds. To gain access to these funds, attackers rely increasingly on DDoS attacks, a critical threat to the business of both direct banks and traditional banks with a network of branches. One of the largest outages occurred in Great Britain in January 2017.
In early 2017, the British Lloyds Banking Group experienced a service interruption lasting for more than a day following DDoS attacks. Halifax Intermediaries and the Bank of Scotland were also affected. Between January 11 and 13, more than 20 million customers could not access online banking services or make transfers. As the outage entered its second day, the bank admitted it was caused by DDoS attacks launched by an extortionist. The perpetrator demanded a “consultancy fee” in the amount of £75,000 from Lloyds to be paid in bitcoins. The bank did not give in to the extortionist’s demands, and the IT department managed to mitigate the infrastructure overload without outside help. Damages are estimated to amount to £190,000. The offender has since been arrested and put on trial.
Days after the attacks on providers of financial services in the Netherlands, the question of who is behind the incidents is a matter of mere speculation. The media was quick to link the story to revelations that Dutch intelligence is assumed to have surveilled Russian hackers. If this turns out to be true, it might make sense to consider revenge as the motive for the DDoS attacks.
The attacks on the bank ABN Amro started on January 27 and resulted in some online service outages. The banks ING and Rabobank were hit the following Monday, with similar results. The Dutch tax office went offline the same day. Initial analyses indicate attack bandwidths of up to 40 Gbps generated by the Zbot malware. Tuesday saw more attacks, but this time IT security was able to fend them off more effectively. Still, there were brief outages of the iDEAL payment system.
Lloyds Bank, ABN Amro, ING and Rabobank are part of a long series of banks falling victim to DDoS attacks.
February/March 2017: On February 18, unidentified offenders give DNS requests sent to the Trump Organization the appearance of coming from the Russian Alfa-Bank. The flood of response packets from the Trump servers hits the IT infrastructure of the Russian provider of financial services hard. The same strategy is employed again with greater intensity on March 11 and 13.
November 2016: 5 large banks in Russia are hit by heavy DDoS attacks. The websites of Sberbank, Alfa-Bank, the Bank of Moscow, Rosbank and the Moscow Exchange are down for hours.
September 2016: In revenge for the Austrian government’s Turkey policy, the Turkish nationalist hacker collective Aslan Neferler Tim attacks the Austrian National Bank. The attack is repelled.
August 2016: The website of the Bank of Israel is taken down by a DDoS attack by the Ghost Squad Hackers group.
May 2016: Under the hashtag #OpIcarus, more than 150 central banks, financial platforms and institutions around the globe, including the US Federal Reserve, the Bank of England and the London Stock Exchange, are targeted by Anonymous activists.
February 2016: The largest Australian bank, the Commonwealth Bank of Australia, is under attack. A bored 15-year-old who wanted to try a DDoS attack for fun is behind the 3-hour outage.
January 2016: The British bank HSBC falls victim to a DDoS attack. For over 10 hours, millions of customers have no access to online and mobile banking services.
November 2015: Sberbank, a direct bank active in the Baltic states, is offline for several hours. Customers have to use a temporary URL for online banking.
In Germany, companies in the financial sector are part of the critical national infrastructure and thus subject to strict regulation designed to protect them from cyber-attacks and maintain availability of their critical services. For example, these organizations are required to have a reporting system in place to alert the German Federal Office for Information Security of relevant incidents. In addition, financial-service providers are strongly encouraged to implement state-of-the-art IT security measures and make sure they are properly enforced. To effectively repel overload attacks, many businesses in the industry already rely on security monitoring and dedicated DDoS protection solutions.