 |
| Blogger: Hannah Doughty |
The attack which disabled the RBS and Natwest Bank online services last Friday morning appears to be part of a renewed trend of DDoS attacks against the banking industry. According to law enforcement sources in America and Europe, distributed denial of service (DDoS) attacks against banks and other financial institutions are increasingly accompanied by ransom demands.
A statement from NatWest bank, part of the Royal Bank of Scotland Group, “The issues that some customers experienced accessing online banking this morning was due to a surge in internet traffic deliberately directed at the website. At no time was there any risk to customers.”
In 2014, RBS was hit by £56 million in fines for the failures in 2012 that disabled 6.5 million customer accounts. Critics said that the acquisition of so many disparate banks has led to a hodge-podge of IT systems, leaving the system vulnerable to outages and attacks.
In June 2015, RBS pledged to invest £150 million a year on cyber-security on top of hundreds of millions it had already spent for security and resiliency projects.
Security experts were not surprised by Friday's DDoS attack. It follows warnings from both the FBI in America and the Swiss Governmental Computer Emergency Response Team that DDoS extortion rackets against banks are on the rise.
In the US, an FBI agent told the Marketwatch.com website that more than 100 companies including banks and brokerages had received DDoS threats since April. Richard Jacobs, assistant special agency in charge of the cyber branch at the FBI's New York office, said the ransom requests were usually for tens of thousands of dollars.
While a £6,000 ransom amount may seem high, especially compared to the typical ransom demands for consumers held hostage which typically are in the £200 range, banks facing a DDoS attack could be looking at losses of £60,000 an hour, according to Neustar.
How do you mitigate against these attacks?
Have you got got a Response plan in place?
No comments:
Post a Comment