Earlier today, it was reported that banking giant HSBC had been hit by a distributed denial-of-service (DDoS) attack against its systems, stopping users from accessing their online accounts.
Robert Capps, VP of business development at NuData Security, answered some questions regarding the attack.
How safe is your bank account?
“It’s incredibly important to understand that Distributed Denial of Service attacks (DDoS) are not direct attacks on the accounts at financial institutions; they are attacks on the public image and consumer goodwill towards those institutions. They are meant to harass, intimidate and embarrass a targeted institution, but the DDoS attacks rarely result in any lasting impact on individual accounts at an institution.”
How safe is online banking?
“Online banking is still incredibly safe for individual consumers, and brings with it a level of convenience and direct visibility that has long been absent from traditional banking channels. At one time, you may not have known about improper access or transactions on a financial account until the bill or statement came at the end of the month. DDoS attacks are not attacks meant to directly steal from consumers; they are meant to deny them access to the institution in one of the most convenient and consumer-friendly methods we’ve devised to date. It’s important to understand that bank accounts remain available via other channels, even during a crushing DDoS attack, and consumers may visit a bank branch, place a phone call to their bank, or use their normal payment cards during such an attack.”
How safe are modern bank accounts?
“They are incredibly safe, and with the deployment of modern and emerging security features, are becoming even safer. As we make access to financial institutions even more convenient to the average consumer, we also make attacking them much easier for an individual or group with malicious intent. While the latter is unwanted, it’s a cost of creating an open and accessible financial system that allows for the growth and prosperity we’ve witnessed over the last 20 years.”
What sort of systems are in place to protect them and are they vulnerable?
“Sadly, there are few effective systems to fully protect institutions from the effects of a DDoS attack. This is an unfortunate by-product of how the Internet itself was designed decades ago. The reality of the situation is that the tools available to commit such an attack are available to a marginally sophisticated attacker, for a few hundred dollars, and a few hours of their time.
“There are a few additional issues to be worried about beyond the initial impact to the image of an online institution during a DDoS attack. In recent years, we’ve seen DDoS attacks against banks used as a smoke screen and cover for other nefarious activities such as cyber-heists at a targeted institution. They are sometimes meant to draw away the attention of the information security teams of a financial institution from the real intent of the attacks, such as large value money transfers, or the bulk theft and removal of consumer account data. Only time will tell if the HSBC cyber attack is simply a DDoS attack or a cover for a much more damaging intrusion into their systems.”