Incident Of The Week: DDoS Attack Hits 3 Banks Simultaneously

Add bookmark
Dan Gunderman
Dan Gunderman
02/02/2018

DDoS Attack

In the dynamic world of cyber security, breaches are both tightly guarded and, sadly, imminent.

Combing through data, market research and threat-defense efforts taken by enterprises can be a daunting task. Here at Cyber Security Hub, we both track the latest industry news and make it more navigable for the IT professional. CSHub coverage extends outwards – as it helps enterprises batten down their proverbial hatches.

In this edition of “Incident of the Week,” we examine a string of apparent distributed denial of service (DDoS) attacks that struck Dutch banks, along with the nation’s tax office. The events began last weekend, and carried over to Monday, Jan. 29.

ABN AMRO, ING and Rabobank all fell victim to the DDoS outbreak that took hold late last month. Resulting effects included timed-out websites and slowed response times.

The tax office, specifically, is believed to have gone dark for about five to 10 minutes.

With more than 140,000 members, Cyber Security Hub is the vibrant community connecting cyber security professionals around the world.

ABN AMRO pushed out its first statement about the DDoS incident on Jan. 28, saying that the financial institution “suffered a series of DDoS attacks in the past weekend… The attacks have now been stopped and our systems, including Mobile Banking, Internet Banking and iDEAL, are available for clients again.”

See Related: Incident Of The Week: Gov. Transit Agency Attacked By N. Korean Malware

The statement continued: “As always the bank will continue to monitor service availability, and the recent attacks have prompted added vigilance. ABN AMRO apologizes for any inconvenience caused.”

The most crucial part of the statement reads, “The security of payments and client data was at no point under threat.”

ABN AMRO’s Internet Banking, Mobile Banking, the abnamro.nl website and iDEAL all became unavailable or ran extremely slow starting on Jan. 27, carrying over to Jan. 28.

The typical DDoS incident usually involves attackers sending large volumes of data traffic to a website, with the aim of overloading servers and crashing said site. Amid the attack, the targeted website becomes inaccessible or painfully slow.

As the ABN AMRO statement clarifies, the DDoS attack differs from a hack. The financial institution, then, was not at risk for data or financial loss.

Previously, on Jan. 26, the same bank experienced “downtime due to technical problems.” That is not believed to be a part of the DDoS campaign.

See Related: Incident Of The Week: Hospital Pays $55K In Bitcoin After Ransomware Attack

In a follow-up statement on Jan. 29, ABN AMRO wrote, “Other banks in the Netherlands have suffered similar attacks in recent days.”

The statement continues, reading, “This weekend’s DDoS attacks were heavier than previous ones and lasted longer. At the moment, it is unknown who is behind the attacks, and in by far most cases, the source of an attack is never discovered.”

The institution reported the incident to police – to prompt an investigation from the National Cyber Security Centre.

The bank added, “A DDoS attack directly triggers security protocols aimed at averting the attack and maintaining or restoring availability of services to clients.”

The DDoS incidents are believed to have caused similar effects at the other institutions – insofar as not sounding the mega-breach alarms.

On Jan. 30, the same institution announced that its Digital Impact Fund (DIF) purchased an interest in the U.S. cyber security firm BehavioSec.

According to the release, “this strategic investment…gives ABN AMRO direct access to the ecosystems of leading venture capital providers and digital security players and current trends in these fields.”

Cyber security is a core theme for ABN AMRO,” the release noted. “ABN AMRO’s clients need assurance that the personal data and assets that they have entrusted to the bank always receive excellent protection.”

Be Sure To Check Out: Incident Of The Week: Phishing Scam Affects 30K Medicaid Members