DDoS attack cripples HSBC online banking

No customer records compromised, bank says, after second outage of 2016

A cyber attack that has crippled HSBC's website has left customers locked out of online banking services today.

A DDoS (distributed-denial-of-service) attack knocked out HSBC's online functions at around 8.30am this morning, and customers have struggled to access their accounts online since, with HSBC warning at 4.45pm that the assault on its servers is ongoing, though a normal service is returning.

While no customer records or transactions have been compromised, the attack left customers unable to log into online banking facilities via web browsers or mobile apps.

A spokeswoman for HSBC initially told IT Pro that the bank "has successfully defended against the attack" at around 11.20am.

But a statement from COO John Hackett at 4.45pm read: ""We are continuing to experience attempted denial of service attacks and we are closely monitoring the situation with the authorities. 

"HSBC's internet and mobile services have partially recovered, and we continue to work to restore a full service. We apologise for the disruption and inconvenience this may have caused."

Today's DDoS attack comes on the final Friday of January, when many people will still be getting paid, and follows two days of outages at the beginning of this month affecting 17 million customers.

Security firm ESET's security specialist, Mark James, said HSBC's reputation will suffer as a result.

"DDoS attacks, regardless of motive, are never good for any organisation," he said. "Its users may vote with their feet rather than be understanding and stay with them."

Tripwire security researcher, Craig Young, speculated that the DDoS assault could be the work of hacktivists - hackers with a moral axe to grind - or cybercriminals looking to force HSBC to cough up in order to put an end to the issue.

"This is a common type of attack used by so-called hacktivists looking to make a political statement as well as extortionists requesting a ransom in exchange for stopping the attack," he said. "Often times the flood of requests are coming from computers and routers which have been hacked and unwillingly enlisted for attack."

HSBC said it is working with police to identify the culprits.

A spokeswoman said: "HSBC is working closely with law enforcement authorities to pursue the criminals responsible for today's attack on our internet banking. We apologise for any inconvenience this incident may have caused."

In addition to the outage at the beginning of January, the bank also angered customers last August by stopping BACS payments from leaving their accounts. HSBC revealed this week in a letter to a committee of MPs that the error was caused by a mega-payment rejected by its system, according to the BBC.

Featured Resources

Become a digital service provider

How to transform your business from network core to edge

Download now

Optimal business results with the cloud

Evaluating the best approaches to hybrid cloud adoption

Download now

Virtualisation that enables choices, not compromises

Harness the virtualisation technology that's right for your hybrid infrastructure

Download now

Email security threat report 2020

Four key trends from spear fishing to credentials theft

Download now

Recommended

How LogPoint uses MITRE ATT&CK
Whitepaper

How LogPoint uses MITRE ATT&CK

15 Jan 2021
Hackers using COVID vaccine as a lure to spread malware
hacking

Hackers using COVID vaccine as a lure to spread malware

15 Jan 2021
Cyber criminals bypassing MFA to access cloud service accounts
two-factor authentication (2FA)

Cyber criminals bypassing MFA to access cloud service accounts

14 Jan 2021
Weekly threat roundup: Microsoft Defender, Adobe, Mimecast
vulnerability

Weekly threat roundup: Microsoft Defender, Adobe, Mimecast

14 Jan 2021

Most Popular

150,000 arrest records accidentally deleted from police database
data management

150,000 arrest records accidentally deleted from police database

15 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

12 Jan 2021