HSBC online services hit by DDoS attack

HSBC was hit by a distributed denial of service (DDoS) attack, which targeted its online personal banking services.

UK bank HSBC said it successfully fought off a distributed denial of service attack which targeted its personal banking websites. The bank said the attack, which made services unavailable for many people on pay day, did not affect customer transactions.

"HSBC internet banking came under a denial of service attack this morning, which affected personal banking websites in the UK,” said a spokesperson. “HSBC has successfully defended against the attack, and customer transactions were not affected. “

The bank apologised and said it is working hard to overcome the problem.

John Hackett, UK COO at HSBC, said customers who are unable to access the service and need to make an urgent payment can visit a branch  or contact personal telephone banking but he warned of "extremely high call volumes.”

“HSBC’s internet and mobile services have partially recovered, and we continue to work to restore a full service," he added.

It has not been a good month for HSBC’s online banking services. In the first week of January, customers were unable to use internet banking for two days as a result of an internal technical issue. Hackett said at teh time that there was a complex technical issue with its online systems.

In August last year an IT failure at HSBC led to 275,000 payments not being processed by the bank’s BACS system. The problem meant that businesses using HSBC business accounts to make payments were unable to transfer funds.

HSBC also had problems in the US in April last year when it had to inform some customers that their mortgage account information was inadvertently made accessible via the internet.

A recent report from Arbor Networks revealed that average intensity distributed denial of service (DDoS) attacks are now great enough to knock most businesses offline.

In its annual Worldwide Infrastructure Security Report, the security supplier found that the largest attack reported in the past year was 500Gbps, representing a 60 times increase in 11 years. There were also reports of attacks of 450Gbps, 425Gbps and 337Gbps, but these are fairly rare.

Read more about DDoS attacks

There is a real concern that many companies are being affected by the DDoS attacks commissioned by competitors, according to Kaspersky Lab.

Smaller DDoS attacks can be more dangerous than a powerful attack that knocks a company offline but does not install malware or steal data, warns Neustar.

Attackers have discovered new ways to conduct DDoS attacks. Expert Nick Lewis explains how they work, and what enterprises can do about them.

Read more on Hackers and cybercrime prevention