ake78 (3D & photo) - Fotolia

Lloyds Bank hit by massive DDoS attack

It has emerged that UK banks have been targeted by a DDoS campaign that affected services intermittently only at the Lloyds Banking Group

An international cyber crime gang has reportedly hit the Lloyds Banking Group with a two-day distributed denial of service (DDoS) attack that brought down online banking services intermittently.

The attack was part of a broader DDoS campaign against an unspecified number UK banks two weeks ago that affected only services at Lloyds, Halifax and Bank of Scotland, reports the Financial Times.

TSB, which split from Lloyds in 2013 but still uses the same technology platform, was also hit. Online customers of all affected banks were, at times, unable to check balances or make payments.

The DDoS attacks affected only the availability of services, but no customers suffered any financial loss, according to reports, which said the Lloyds Banking Group had declined to comment.

DDoS attacks typically flood online systems, such as internet banking sites or online trading platforms, with vast amounts of data to overload them and take services offline.

In January 2016, HSBC’s online banking website and mobile app were briefly knocked offline by a DDoS attack, which was the most common type of cyber attack on financial institutions at the time.  

Such attacks can be the work of cyber attackers hired by competitors, hacktivists or other interest groups, but they can also be used as a smokescreen to hide other malicious activity.

There have been cases in the US where banks targeted by DDoS attacks have subsequently discovered that attackers were stealing money at the same time.

Concern about DDoS attacks is increasing because of the availability of DDoS attack services and the ability to carry out massive attacks by botnets that have hijacked internet of things (IoT) devices.

Last year saw the first two attacks of one terabit per second (Tbps) or more, and Deloitte predicts that trend will continue in 2017.

Read more about cyber crime in financial services

  • The FCA expresses concern about the cyber security of banks after 9,000 Tesco Bank customers lost £2.5m in fraudulent transactions.
  • Secure messaging service Swift was surprised by the gaps in banks’ cyber security practices highlighted by mega cyber heist, says CISO Alain Desausoi.
  • Failure to follow standard network security best practice has exposed a Californian investment bank to cyber criminals’ demands.

According to the report, 2017 will see an average of one attack a month reaching at least 1Tbps in size, and the number of DDoS attacks for the year is expected to reach 10 million.

Deloitte predicts an average attack size of 1.25Gbps to 1.5Gbps, and the report points out that an unmitigated attack of this size would be enough to take many organisations offline.

The latest DDoS attacks on UK banks coincided with a warning by cyber security expert Richard Benham that a major UK bank will fail in 2017 as a result of a cyber attack.

In November 2016, the Financial Conduct Authority (FCA) expressed concern about the cyber security of banks after 9,000 Tesco Bank customers lost £2.5m in fraudulent transactions.

The cyber theft at Tesco Bank is still being investigated by the UK’s National Cyber Security Centre,  National Crime Agency (NCA) and the FCA.

The FCA has the ability to fine the banking group if investigations reveal it did not take reasonable steps to protect the bank infrastructure from cyber attack.

Growing concern about the financial sector’s vulnerability to cyber attack  prompted the US government to call on institutions in the sector to share more cyber attack information.

The US Treasury Department’s Financial Crimes Enforcement Network (FinCEN) said in an advisory that cyber criminals target the financial system to defraud financial institutions and their customers and to further other illegal activities.

Financial institutions can play an important role in protecting the financial system from these threats through thorough and timely reporting of cyber attacks, the advisory said.

The move by FinCEN came just a week after US bank regulators outlined cyber security standards to protect financial markets and consumers from online attacks. 

High-profile cyber attacks

Cyber security issues have become a priority for regulators as the likes of the New York Federal Reserve have been caught by high-profile cyber attacks.

The new standards will require banks with assets of $50bn or more to use the most sophisticated anti-hacking tools on the market and to be able to recover from any attack within two hours, reports Reuters.

Qualifying financial institutions will also be expected to be capable of operating critical business functions in the face of cyber attacks.

Commenting on the US moves, Mike Ahmadi, global director of critical systems security at Synopsys, said: “While banks arguably allocate the most resources towards addressing cyber security of any industry, they still lose billions every year due to hacking.

“While they have remained profitable despite such losses, one of the major concerns is a loss in consumer confidence, which is something they cannot easily rectify.”

Ahmadi said the explosion of technologies meant banks must now manage security for thousands of applications, which all introduce risk that must be monitored and managed constantly.

“In order to be more effective in managing such risks, banks will need to require their supply chain of technology providers to deliver products that have been developed using a rigorous secure software development lifecycle,” he said.

Read more on Business continuity planning