HSBC restores websites after major DDoS assault

Sophisticated, large-scale attack nixed online banking

HSBC has restored access to several of the company's most important websites rendered inaccessible for ten hours by what is starting to look like one of the largest and most successful DDoS attacks ever to hit a prominent UK company.

The attack appears to have begun before 6pm on Thursday, 18 October, blocking access to several and US domains plus, embarrassingly, the First Direct online bank.

According to the company's Twitter account - now the means by which companies communicate regarding major outages such as this - access was not restored until 3am BST.

"This denial of service attack did not affect any customer data, but did prevent customers using HSBC online services, including internet banking. We are taking appropriate action, working hard to restore service," HSBC said in a statement.

"We are pleased to say that some sites are now back up and running. We are cooperating with the relevant authorities and will co-operate with other organisations that have been similarly affected by such criminal acts."

DDoS attacks are routine on any company or bank of HSBC's size, so what made this one so crippling?

According to security company Arbor Networks, the most likely explanation is simply that the attackers threw everything at HSBC, particularly at the application level. That might be the new reality of DDoS attacks but tis peaks of the ability to muster sophisticated methods beyond the norm.

"Recent attacks have used what we call multi-vector attacks, attacks which utilise a combination of volumetric, and application layer attack vectors," suggested Arbor's Darren Anstee.

"What we are seeing here are TCP, UDP and ICMP packet floods combined HTTP, HTTPS and DNS application layer attacks. Attackers are doing this because they know it makes the attacks more difficult to deal with, but not impossible if we have the right services and solutions in place," He said.

Suspicions regarding the source of the attacks will turn to obvious candidates such as Anonymous or possibly politically-motivated attackers from the Middle East; claims of responsibility have already reportedly been made on Twitter.

"In our experience financial organisations are slightly ahead of other businesses in the appreciation of the threats that DDoS attacks represent to their business, however many are lulled into a false sense of security by thinking that traditional means of defence like firewalls will combat the threat," commented Paul Lawrence or Corero Networks.

Targeting banks is nothing new. Only days ago, self-declared Islamic hackers vented their fury on a clutch of US financial sector organisations, disrupting SunTrust Banks and Capital One Financial. This followed earlier attacks on PNC Bank, Wells Fargo, US Bank, Bank of America and JPMorgan Chase.

Western hackers have used Pastebin and Twitter to give a running narrative on their exploits; now groups such as the "Izz ad-Din al-Qassam Cyber Fighters" have taken to the attention-seeking tactic.

Join the CSO newsletter!

Error: Please check your email address.

Tags arbor networkssecurityHSBCtwitter

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place