Banking giant HSBC says it has been fighting a distributed denial-of-service attack against its systems this morning, preventing users from accessing their online accounts.
Sure enough, if you visit HSBC UK’s online banking page right now you will be greeted with an apology from the company for the disruption to normal services.
Customers are advised to either wait it out, or to make use of the company’s telephone banking services instead.
We’d like to apologise to all our customers for Online Banking being unavailable.
We know how inconvenient this is and we are doing everything we can to rectify the problem.
Please try later.
An HSBC spokesperson has told the media that the company has successfully mitigated against the attack:
“HSBC internet banking came under a denial of service attack this morning, which affected personal banking websites in the UK. HSBC has successfully defended against the attack, and customer transactions were not affected. We are working hard to restore services, and normal service is now being resumed. We apologise for any inconvenience this incident may have caused.”
However, the fact that online banking remains currently inaccessible suggests that recovery is not yet complete.
As yet, there is no clear indication as to what may have motivated criminals to launch an attack against HSBC’s website. It does appear that it is becoming increasingly common for DDoS attackers to attempt to extort money from companies whose websites and online services they have disrupted, although I have not seen any confirmation from the bank as to whether they received a ransom demand or not.
Of course, it’s also possible that the motivation was not financial, but instigated by someone who has a grudge against the bank or, indeed, some kids doing it for a “laugh”.
It should go without saying that distributed denial-of-service attacks are no laughing matter and can result in their perpetrators receiving a stiff prison sentence.
If you bank with HSBC don’t panic. Although it’s irritating that you cannot access your online bank account, a DDoS attack is just disruptive – it doesn’t mean that the security of a website has been breached, or that your personal data might be at risk.
The bank said on Twitter that it is “working closely with law enforcement authorities to pursue the criminals responsible for today’s attack on our internet banking.”
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.