HSBC restores websites after major DDoS assault

Sophisticated, large-scale attack nixed online banking

HSBC has restored access to several of the company's most important websites rendered inaccessible for ten hours by what is starting to look like one of the largest and most successful DDoS attacks ever to hit a prominent UK company.

The attack appears to have begun before 6pm on Thursday, 18 October, blocking access to several hsbc.co.uk and US domains plus, embarrassingly, the First Direct online bank.

According to the company's Twitter account - now the means by which companies communicate regarding major outages such as this - access was not restored until 3am BST.

"This denial of service attack did not affect any customer data, but did prevent customers using HSBC online services, including internet banking. We are taking appropriate action, working hard to restore service," HSBC said in a statement.

"We are pleased to say that some sites are now back up and running. We are cooperating with the relevant authorities and will co-operate with other organisations that have been similarly affected by such criminal acts."

DDoS attacks are routine on any company or bank of HSBC's size, so what made this one so crippling?

According to security company Arbor Networks, the most likely explanation is simply that the attackers threw everything at HSBC, particularly at the application level. That might be the new reality of DDoS attacks, but it speaks of the ability to muster sophisticated methods beyond the norm.

"Recent attacks have used what we call multi-vector attacks, attacks which utilise a combination of volumetric, and application layer attack vectors," suggested Arbor's Darren Anstee.

"What we are seeing here are TCP, UDP and ICMP packet floods combined with HTTP, HTTPS and DNS application layer attacks. Attackers are doing this because they know it makes the attacks more difficult to deal with, but not impossible if we have the right services and solutions in place," he said.

Suspicions regarding the source of the attacks will turn to obvious candidates such as Anonymous or possibly politically-motivated attackers from the Middle East; claims of responsibility have already reportedly been made on Twitter.

"In our experience financial organisations are slightly ahead of other businesses in the appreciation of the threats that DDoS attacks represent to their business, however many are lulled into a false sense of security by thinking that traditional means of defence like firewalls will combat the threat," commented Paul Lawrence of Corero Networks.

Targeting banks is nothing new. Only days ago, self-declared Islamic hackers vented their fury on a clutch of US financial sector organisations, disrupting SunTrust Banks and Capital One Financial. This followed earlier attacks on PNC Bank, Wells Fargo, US Bank, Bank of America and JPMorgan Chase.

Western hackers have used Pastebin and Twitter to give a running narrative on their exploits; now groups such as the "Izz ad-Din al-Qassam Cyber Fighters" have taken to the attention-seeking tactic.
