Credit: REUTERS/Stefan Wermuth
The Royal Bank of Scotland group of banks suffered nearly a fifty minute outage to their on-line banking systems today as a result of a Distributed Denial of Service Attack. The banks affected included, Royal Bank of Scotland (RBS), NatWest, and Ulster Bank. A spokesperson from NatWest said in a statement "The issues that some customers experienced accessing on-line banking this morning was due to a surge in internet traffic deliberately directed at the website. At no time was there any risk to customers. Customers experienced issues for around 50 minutes and this has now been resolved."
It is interesting to see this attack impact banks in the UK just days after an FBI agent in an interview with MarketWatch said that more than a 100 financial companies in the US received threats relating to DDoS attacks since April of this year. These threats were usually accompanied by an extortion demand looking for money to be paid, usually in the form of BitCoins, to prevent the attack from happening. There were no additional details given as to how many of those financial companies actually suffered the threatened DDoS attacks, paid the ransom and had no attacks, paid the ransom but still become victims of the DDoS attack, or indeed simply ignored the demand and had no further interaction with those behind the threats.
In May of this year, the Swiss Governmental Computer Emergency Response Team (GovCERT.ch) issued a warning relating to an increase in DDoS extortion attacks attributed to a group called DDB4C. GovCERT.ch highlight that the gang had previously operated against targets in other regions but were now targeting organisations in Europe. GovCERT.ch explained that the attacks by these groups are typically amplification attacks abusing the NTP, SSDP or DNS protocols. The Akamai blog also has more details on this gang and how they conduct their attacks.
The threat from DDoS extortion attacks have been around since companies started doing business on-line. But as can be seen from the attacks against RBS, NatWest, and Ulster Bank, and the warnings from GovCERT.ch and the FBI, these attacks are coming back into vogue again.
So if your organisation is faced with a DDoS extortion threat what should you do? Here are some steps to consider;
- Do not ignore the threat. It is possible it may be a bluff but it may also be a genuine threat. So inform your Incident Response Team so they can prepare in the event the attack materialises.
- Make sure your anti-DDoS protection mechanisms are able to cope threatened load. If you do not have any anti-DDoS systems in place contact your ISP, hosting provider, or security services reseller to discuss your options with them.
- Contact your Data Centres and ISPs to make them aware of the threats and allow them to prepare for any possible attacks. It would also be wise to ensure your Incident Response Team has direct contact with those of your providers.
- Do report the threat to the appropriate law enforcement agency. While they may not be able to directly assist with the threat or any eventual attacks, the information you provide could help law enforcement build and share intelligence with other law enforcement groups with the goal to eventually arrest those behind the threats.
- It may be wise to examine your business continuity plan to determine if you can invoke this plan in the event an attack materialises so that you can continue to provide services to your clients.
Sign up for Computerworld eNewsletters.