Imagine if you will a 48 hour DDoS attack at your organization. How would you cope? How would you continue your business and service your customers? Ask Lloyds bank!
Lloyds Banking Group suffered 48-hour online attack this month as cybercriminals attempted to block access to 20m UK accounts. The denial of service attack ran for two days from Wednesday 11 January to Friday 13 January, as Lloyds, Halifax and Bank of Scotland were bombarded with millions of fake requests, designed to grind the group’s systems to a halt. Usually in a denial of service (DOS) attack the criminals demand a large ransom, to be paid in bitcoins, to end the onslaught.
However, no accounts were hacked or compromised during the attack, and Lloyds did not pay a ransom.
In a cat-and-mouse game across the planet, IT security experts at Lloyds “geo-blocked” the source of the attack. This effectively drops a portcullis over the server launching the attacks, but also stops legitimate customer requests from that area too. The cybercriminals then move to another server, and the geo-blocking game begins again.
It explains the intermittent nature of the service issues at Lloyds during the period of the attack, with some customers complaining that they could not log on, but most experiencing normal service.
Their public message? “We experienced intermittent service issues with internet banking between Wednesday morning and Friday afternoon the week before last and are sorry for any inconvenience caused.
The incident comes just months after a far more serious cyber-heist against Tesco Bank, when criminals launched an “unprecedented” online attack that resulted in the loss of £2.5m from 9,000 accounts.
Several other major British banks have been hit by service outages over the past two years when their systems were flooded with fake requests. In January last year, HSBC’s internet banking facility was made unavailable following a DOS attack, but no transactions were affected.