Lloyds Services Taken Out by Alleged Cybercrime Gang

A denial of service blitz aimed at some of the UK’s biggest high street lenders a fortnight ago took services at Lloyds Banking Group offline intermittently for two days, it has been claimed.

People “familiar with the situation” told the FT that the attacks were carried out by an international cybercrime gang.

Customers of Lloyds and its Halifax and Bank of Scotland brands were affected, as were those of spin-off lender TSB, which apparently still uses Lloyds’ IT platform.

However, a statement from the banking group refused to speculate on the cause of the outages:

“We experienced intermittent service issues with internet banking between Wednesday morning and Friday afternoon the week before last and are sorry for any inconvenience caused.

We had a normal service in place for the vast majority of this period and only a small number of customers experienced problems. In most cases if customers attempted another log in they were able to access their accounts.”

The alleged attacks follow a 2016 outage at HSBC which meant customers were unable to log in to their internet banking portals.

Ilia Kolochenko, CEO of High-Tech Bridge, argued that DDoS tactics are often used as a smokescreen to cover data-stealing attacks – so this one must be carefully investigated.

“DDoS attacks are quite simple to organize, but very difficult and expensive to mitigate. At the end of the last year even Akamai was obliged to terminate its DDoS protection service for US journalist and investigative reporter Brian Krebs’s website, following ongoing and massive DDoS attacks against it,” he argued.

“More and more insecure devices are connected to the internet, from smart watches to coffee machines, and cyber-criminals won’t miss their chance to turn them into zombies to reinforce their DDoS botnets. In the next couple of years, we may arrive at a situation when several hacking groups will be able to ‘censure’ and temporarily shut down even such companies as Google.”

The attack against Krebs’ site was made possible thanks to an IoT-powered botnet dubbed Mirai, which also took out some of the biggest names on the web last year after DDoS-ing DNS firm Dyn.

Splunk security evangelist, Matthias Maier, argued that organizations need to gain full visibility across their respective environments.

“These insights lead to a better understanding of what’s happening and when. A successful recovery plan includes visibility, analysis and automated and human-mediated response capabilities,” he added.

“The Lloyds DDoS attack shows us that attacks are inevitable, but a well-instrumented organization can recover from even the most sophisticated intrusions.”
