DDoS Attacks Take Down RBS, Ulster Bank, and NatWest Online Systems

The Royal Bank of Scotland group of banks suffered an outage of nearly fifty minutes to their on-line banking systems today as a result of a Distributed Denial of Service (DDoS) attack. The banks affected included Royal Bank of Scotland (RBS), NatWest, and Ulster Bank. A spokesperson from NatWest said in a statement "The issues that some customers experienced accessing on-line banking this morning was due to a surge in internet traffic deliberately directed at the website. At no time was there any risk to customers. Customers experienced issues for around 50 minutes and this has now been resolved."

It is interesting to see this attack impact banks in the UK just days after an FBI agent said in an interview with MarketWatch that more than 100 financial companies in the US have received threats relating to DDoS attacks since April of this year. These threats were usually accompanied by an extortion demand for payment, usually in Bitcoin, to prevent the attack from happening. No additional details were given as to how many of those financial companies actually suffered the threatened DDoS attacks, paid the ransom and had no attacks, paid the ransom but still became victims of the DDoS attack, or simply ignored the demand and had no further interaction with those behind the threats.

In May of this year, the Swiss Governmental Computer Emergency Response Team (GovCERT.ch) issued a warning relating to an increase in DDoS extortion attacks attributed to a group called DD4BC. GovCERT.ch highlighted that the gang had previously operated against targets in other regions but was now targeting organisations in Europe. GovCERT.ch explained that the attacks by these groups are typically amplification attacks abusing the NTP, SSDP or DNS protocols. The Akamai blog also has more details on this gang and how they conduct their attacks.

The threat from DDoS extortion attacks has been around since companies started doing business on-line. But as can be seen from the attacks against RBS, NatWest, and Ulster Bank, and the warnings from GovCERT.ch and the FBI, these attacks are coming back into vogue.

So if your organisation is faced with a DDoS extortion threat, what should you do? Here are some steps to consider:

  • Do not ignore the threat. It may be a bluff, but it may also be a genuine threat, so inform your Incident Response Team so they can prepare in the event the attack materialises.
  • Make sure your anti-DDoS protection mechanisms are able to cope with the threatened load. If you do not have any anti-DDoS systems in place, contact your ISP, hosting provider, or security services reseller to discuss your options with them.
  • Contact your Data Centres and ISPs to make them aware of the threats and allow them to prepare for any possible attacks. It would also be wise to ensure your Incident Response Team has direct contact with those of your providers.
  • Do report the threat to the appropriate law enforcement agency. While they may not be able to directly assist with the threat or any eventual attacks, the information you provide could help law enforcement build and share intelligence with other law enforcement groups, with the goal of eventually arresting those behind the threats.
  • It may be wise to examine your business continuity plan to determine if you can invoke this plan in the event an attack materialises so that you can continue to provide services to your clients.
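To help an Incident Response Team recognise the NTP, SSDP or DNS amplification traffic described in the GovCERT.ch warning, here is an added example (not part of the original article) that groups inbound flow records by reflected protocol and target. The flow tuple layout, the sample records and both thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# UDP source ports of the protocols the article names as abused for amplification.
REFLECTION_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP"}

# Constructed flow records (documentation IP ranges):
# (src_ip, src_port, dst_ip, proto, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.10", 123, "203.0.113.5", "udp", 48_000),
    ("198.51.100.11", 123, "203.0.113.5", "udp", 48_000),
    ("198.51.100.12", 123, "203.0.113.5", "udp", 48_000),
    ("198.51.100.13", 123, "203.0.113.5", "udp", 48_000),
    ("198.51.100.20", 1900, "203.0.113.5", "udp", 30_000),
    ("198.51.100.21", 1900, "203.0.113.5", "udp", 30_000),
    ("192.0.2.53", 53, "203.0.113.9", "udp", 300),       # ordinary DNS answer
    ("192.0.2.53", 53, "203.0.113.9", "tcp", 9_000),     # TCP replies are not reflected
    ("192.0.2.80", 443, "203.0.113.5", "tcp", 250_000),  # normal web traffic
]


def find_reflection_floods(flows, min_sources=3, min_bytes=100_000):
    """Flag targets receiving one reflected protocol from many distinct sources.

    min_sources and min_bytes are illustrative thresholds, not recommended values;
    tune them against your own baseline traffic.
    """
    stats = defaultdict(lambda: {"sources": set(), "bytes": 0})
    for src_ip, src_port, dst_ip, proto, nbytes in flows:
        service = REFLECTION_PORTS.get(src_port)
        # Reflected responses arrive over UDP *from* the service port.
        if proto != "udp" or service is None:
            continue
        entry = stats[(dst_ip, service)]
        entry["sources"].add(src_ip)
        entry["bytes"] += nbytes

    findings = [
        {"target": dst, "service": svc,
         "reflectors": len(e["sources"]), "bytes": e["bytes"]}
        for (dst, svc), e in stats.items()
        if len(e["sources"]) >= min_sources and e["bytes"] >= min_bytes
    ]
    # Largest volume first so responders see the dominant vector at the top.
    return sorted(findings, key=lambda f: f["bytes"], reverse=True)


if __name__ == "__main__":
    for finding in find_reflection_floods(SAMPLE_FLOWS):
        print(finding)
```

Knowing which protocol dominates lets the team tell its ISP or anti-DDoS provider exactly which UDP source port to filter upstream.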

It is also incumbent on any of us responsible for hosting internet-facing services to ensure these services are configured securely so that criminals cannot use them in amplification, or indeed any other, attacks against other companies.

It is interesting to note that this is not the first time that RBS has been targeted by DDoS attacks. In December 2013 its on-line systems were unavailable for up to 12 hours as a result of a DDoS attack. This came after the RBS group of banks suffered a major outage to their payment systems in 2012, which left the banks unable to process customer payments for a number of days and led to the group being fined STG£56 million by UK regulatory authorities for the "unacceptable" computer failure.

Speaking in December 2013 about the 2012 outage, the RBS CEO, Mr Ross McEwan, admitted there had been significant underinvestment in IT in the bank. Mr McEwan said "For decades, RBS failed to invest properly in its systems. We need to put our customers' needs at the centre of all we do. It will take time, but we are investing heavily in building IT systems our customers can rely on."

After today it looks like RBS will need to ensure it continues to invest in the technology and people required to keep its systems and data secure.
