Lloyds Bank survives three-day DDoS onslaught
Mon 23 Jan 2017
Lloyds Bank, the largest retail banking outlet in the UK, was subject to an unusually sustained Distributed Denial of Service (DDoS*) attack earlier this month, according to recent reports.
Initially reported (paywalled) by the Financial Times, the attack began on the morning of January 11th and ran until the close of Friday 13th.
Business Insider, which was able to confirm the FT story, reported that the attack came in waves at three-hour intervals. It also affected customers using Lloyds’ tech platform, including TSB, the Bank of Scotland and Halifax.
The banking group reported that the attackers did not succeed in gaining access to any of its 20 million customer accounts. However, the motives for the attack are still not clear; the objective might have ranged from flash withdrawals to database excision or even the depositing of malicious software.
DDoS attacks flood targeted servers with a high volume of successive and contemporaneous requests with the aim of destabilising them to the point where they are exploitable. This can occur because of vulnerabilities in the reboot processes that attempt to recover from the attack, or through related processes that assume full server integrity and might respond to unauthorised access attempts under such a deluge.
Since large organisations such as Lloyds have a great number of fail-over solutions and secondary or mirror servers to handle ordinary increases in traffic, not all customers were affected by the onslaught, with most reported as having been able to log on and conduct business as usual.
In a statement, the bank commented:
“We experienced intermittent service issues with internet banking between Wednesday morning and Friday afternoon the week before last and are sorry for any inconvenience caused… We had a normal service in place for the vast majority of this period and only a small number of customers experienced problems. In most cases if customers attempted another log-in they were able to access their accounts.
“We will not speculate on the cause of these intermittent issues.”
The Lloyds attempt, while unusual, is not by any means record-breaking. In 2007 the diminutive Baltic country Estonia endured a three-week DDoS wave, which some attributed to Russian government interests as a covert attack on the state. China’s Great Cannon was likewise flagged by many as the origin of a similar week-long attack on an activist site critical of the nation’s legendarily restrictive national firewall.
In November Tesco’s bank was the victim of a £2.5 million cyber-heist. In 2015 both HSBC and RBS were directly attacked with similar methods to the Lloyds attempt. Andrew Tyrie, chair of the House of Commons Treasury select committee, called today for the financial services industry to create an accountable body to develop new strategies against the growing phenomenon of attacks against banks.
* Some outlets are reporting the attack as DoS rather than DDoS, even whilst reporting that the server requests came from ‘multiple systems’.