DDoS Attacks Take Down RBS, Ulster Bank, and Natwest Online Systems
It is interesting to see this attack impact banks in the UK just days after an FBI agent in an interview with MarketWatch said that more than a 100 financial companies in the US received threats relating to DDoS attacks since April of this year. These threats were usually accompanied by an extortion demand looking for money to be paid, usually in the form of BitCoins, to prevent the attack from happening. There were no additional details given as to how many of those financial companies actually suffered the threatened DDoS attacks, paid the ransom and had no attacks, paid the ransom but still become victims of the DDoS attack, or indeed simply ignored the demand and had no further interaction with those behind the threats.
In May of this year, the Swiss Governmental Computer Emergency Response Team (GovCERT.ch) issued a warning relating to an increase in DDoS extortion attacks attributed to a group called DDB4C. GovCERT.ch highlight that the gang had previously operated against targets in other regions but were now targeting organisations in Europe. GovCERT.ch explained that the attacks by these groups are typically amplification attacks abusing the NTP, SSDP or DNS protocols. The Akamai blog also has more details on this gang and how they conduct their attacks.
The threat from DDoS extortion attacks have been around since companies started doing business on-line. But as can be seen from the attacks against RBS, NatWest, and Ulster Bank, and the warnings from GovCERT.ch and the FBI, these attacks are coming back into vogue again.
So if your organisation is faced with a DDoS extortion threat what should you do Here are some steps to consider;
It is also incumbent on anyone of us responsible for hosting internet facing services that these services are configured securely so they don't facilitate criminals to use them in amplification, or indeed any other, attacks against other companies.
It is interesting to note that this is not the first time that RBS has been targeted by DDoS attacks. In December 2013 its on-line systems were unavailable for up to 12 hours as a result of a DDoS attack. This came after the RBS group of banks suffered a major outage to their payment systems in 2012 resulting in the banks being unable to process customer payments for a number of days and led to the group being fined STG£56 million by UK regulatory authorities for the "unacceptable" computer failure.
Speaking in December 2013 about the 2012 outage the RBS CEO, Mr Ross McEwan, admitted there had been a significant under investment in IT in the bank. Mr McEwan, said "For decades, RBS failed to invest properly in its systems. We need to put our customers' needs at the centre of all we do. It will take time, but we are investing heavily in building IT systems our customers can rely on."
After today it looks like RBS will need to ensure it continues to invest in the technology and people required to keep its systems and data secure.