Lloyds Banking Group Reportedly Hit by DDoS Attack
Report: Bank Allegedly Refused to Pay Ransom to Attacker
Lloyds Banking Group came under a distributed denial-of-service attack that hampered access to its online banking services for about two days earlier this month, several media outlets reported, citing anonymous sources.
Officials at the British financial institution told Reuters that a small number of customers experienced issues, but that they would not speculate on the cause of the attack. The disruptions occurred Jan. 11 to Jan. 13, according to the Financial Times and Bloomberg.
Lloyds officials couldn't immediately be reached for comment.
Attackers execute DDoS attacks by using networks of hacked computers or other internet-connected devices to fire data traffic at applications with the goal of jamming them. Financial institutions, gaming, web hosting, gambling and government services are among the most attacked entities.
Motherboard reported that someone claiming to be the attacker had tried unsuccessfully to extort Lloyds, offering to stop the attacks in exchange for about $93,600 worth of the virtual currency bitcoin.
The supposed hacker shared an email sent to Lloyds that says in exchange for the money, a list of flaws in the Lloyds network would be provided. The Lloyds online banking portal became unresponsive about an hour after the hacker told Motherboard he would do a demonstration.
DDoS attacks have long been a tool for extortionists. For organizations that do not have the financial resources to mitigate the attacks, paying the ransom may be the cheapest way out. But experts recommend resisting blackmail, as paying perpetuates such attempts.
DDoS Attacks More Frequent, Powerful
DDoS attacks have been around since the dawn of the Internet, and they're not going away any time soon. The attacks reached record levels in 2016, according to the Worldwide Infrastructure Security Report released on Jan. 24 by Arbor Networks. The report surveyed 356 enterprises, service providers, government and education network operators.
"The frequency of DDoS attacks is increasing, as 53 percent of respondents indicated they are seeing more than 51 attacks per month - up from 44 percent last year," the report says.
DDoS attacks typically average between 5 and 15 Gbps, but the largest recorded attack in 2016 was 800 Gbps. That was directed at Dyn, which provides outsourced Domain Name System management services. That attack had knock-on effects for Dyn's customers, including Spotify and PayPal, disrupting the ability of some web surfers to reach those companies' services (see Botnet Army of 'Up to 100,000' IoT Devices Disrupted Dyn).
There is little an organization can do to stop a DDoS attack. Rather, the floods of traffic are diverted and then filtered to remove the malicious traffic. Many firms offer DDoS mitigation remedies, but the services can be expensive, especially for very large attacks.
For high-volume web services, DDoS attacks mean an almost immediate loss of revenue. But attackers also employ DDoS to distract security teams from other nefarious actions quietly under way.
DDoS, Powered by IoT
The dramatic increase in the intensity of attacks has come because hackers have shifted from compromising consumer computers to internet of things devices.
The IoT has provided a fresh pool of potential soldiers for DDoS armies. Last September, two attacks used home routers and digital video recorders for record-setting attacks that fulfilled a prediction of many computer security experts.
The malware that infected the devices, called Mirai, was specially crafted to spread from vulnerable device to vulnerable device, exploiting exposed services such as telnet and unchanged default passwords (see Mirai Botnet Pummels Internet DNS in Unprecedented Attack).
Companies that make IoT devices are under increasing pressure to strengthen security controls in their software. For example, the U.S. Federal Trade Commission filed a complaint earlier this month against router manufacturer D-Link, alleging the company falsely marketed its devices as secure while leaving gaping holes in its products that put consumer data at risk (see FTC vs. D-Link: A Warning to the IoT Industry).