If you’re a Lloyds customer, you may have noticed a few issues with your online banking around 2 weeks ago. Think back. Maybe it was a bit slow logging on, or possibly you weren’t able to access it at all, instead being told to try again later. Well, the good news is it wasn’t anything to do with your internet or you forgetting the passwords. The bad news is that the issues came as the result of a targeted DOS attack on the Lloyds group.
DOS is a technical shorthand term for “Denial of Service’. Denial of Service attacks do exactly what they say on the tin – they attack businesses by denying service to something they need. From the customer perspective, a DOS attack might result in the inability to access their website, and for a bank it is blocking users from logging into their online banking. But DOS attacks aren’t limited to blocking client access to the business. A DOS attack is any attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users. For example, an attacker might target an internal server for a trading company, all machines in one office that are hooked up to the Internet or removing access to a company’s till systems. A DOS attack works by flooding the network with useless traffic, effectively bringing the network crashing down and the target unable to access it. Lloyds was more specifically the target of a DDOS attack, which stands for Distributed Denial of Service and means that the attack was coming from thousands of unique IP addresses, instead of 1 repeatedly, making it more difficult to deal with.
2 weeks ago, on the 1th of January, Lloyds, Halifax and Bank of Scotland (all of whom are part of the same parent group) websites all experienced an overwhelming surge of requests in a targeted Denial of Service attack. A DOS attack on any financial institution isn’t exactly new, but usually the infrastructure and security installed is more than a match for it. No, what’s more concerning is that the disruptions caused by this attack lasted for 3 days, implying that the group had difficulty dealing with the attack. News sources have mentioned that systems engineers blocked all internet traffic from the overseas locations the attacks were coming from, but the attackers quickly switched their activities to elsewhere, continuing the problems. It has since been revealed that the National Cyber Security Centre are now working with the bank to shore up their defences.
Denial of Service attacks are normally the result of a customer with a grudge, or a team of hackers looking to blackmail the institution – specifically if one institution has been singled out. But in this case, there is no evidence that any money was taken or even targeted. Unlike the hacking of Tesco bank in November (where £2.5m was taken), money does not seem to be the motivation here. We still aren’t sure what is, but the National Cyber Security Centre have assured us that they are working on the issue.
As business owners, we are seeing a huge rise of DOS attacks to every level of business, from one man bands to big corporates like Lloyds. Because DOS attacks are one of the easiest to initiate, any customer with a grudge could decide to take their rage digital. Thankfully, there are measures you can take to ensure that your business is not the target of a DOS attack, and if it is, ways to ensure it doesn’t bring your entire business down. For more information, get in touch with us today.