HSBC hit by DDoS attack. Online banking is offline

Banking giant HSBC says it has been fighting a distributed denial-of-service attack against its systems this morning, preventing users from accessing their online accounts.

Sure enough, if you visit HSBC UK's online banking page right now you will be greeted with an apology from the company for the disruption to normal services.

Customers are advised to either wait it out, or to make use of the company's telephone banking services instead.


We'd like to apologise to all our customers for Online Banking being unavailable.
We know how inconvenient this is and we are doing everything we can to rectify the problem.
Please try later.

An HSBC spokesperson has told the media that the company has successfully mitigated the attack:

"HSBC internet banking came under a denial of service attack this morning, which affected personal banking websites in the UK. HSBC has successfully defended against the attack, and customer transactions were not affected. We are working hard to restore services, and normal service is now being resumed. We apologise for any inconvenience this incident may have caused."

However, the fact that online banking remains currently inaccessible suggests that recovery is not yet complete.

As yet, there is no clear indication as to what may have motivated criminals to launch an attack against HSBC's website. It does appear that it is becoming increasingly common for DDoS attackers to attempt to extort money from companies whose websites and online services they have disrupted, although I have not seen any confirmation from the bank as to whether they received a ransom demand or not.

Of course, it's also possible that the attack was not financially motivated, but was instigated by someone who has a grudge against the bank or, indeed, by some kids doing it for a "laugh".

It should go without saying that distributed denial-of-service attacks are no laughing matter and can result in their perpetrators receiving a stiff prison sentence.

If you bank with HSBC, don't panic. Although it's irritating that you cannot access your online bank account, a DDoS attack is just disruptive - it doesn't mean that the security of a website has been breached, or that your personal data might be at risk.

The bank said on Twitter that it is "working closely with law enforcement authorities to pursue the criminals responsible for today’s attack on our internet banking."


One Response

  1. Chris Webb

    January 29, 2016 at 4:17 pm #

    Are you up to speed on Mr Ethical, Graham? See http://nicholaswilson.com/ Maybe it's someone who has a grudge against HSBC (not him!)
