HSBC online banking taken down in denial-of-service attack
Bank claims that it 'successfully defended' its systems - but online service remains down
HSBC's online services were taken down today following a distributed denial-of-service (DDoS) attack that, it claims, it has successfully fought off. The attack has left HSBC customers unable to conduct online business, with the bank advising customers to call its contact centre or to go into a branch instead.
The attack may affect customers on pay day and comes two days ahead of the deadline for filing self-assessment tax returns and paying personal taxes.
HSBC claims that no personal details have been compromised - assuming that the attack was not a cover for anything more malicious.
"HSBC internet banking came under a denial-of-service attack this morning, which affected personal banking websites in the UK," said a spokesman for the bank. "HSBC has successfully defended against the attack, and customer transactions were not affected. We are working hard to restore services, and normal service is now being resumed," the bank said in a statement.
Quick off the mark to comment, Brian Spector, CEO of security software company Miracl, questioned HSBC's underlying security technology. "Not even the largest financial institutions on earth are immune from cyberattacks that disrupt business operations. HSBC is using antiquated authentication technology, what else is not up to speed such that one of the world's largest banks has been taken offline?" he asked.
He continued: "HSBC are claiming to have 'successfully defended' the attack but if your main business is taken offline, and your website is unreachable, you have not successfully defended yourself."
Mark James, security specialist at IT security company ESET, added: "DDoS attacks, regardless of motive, are never good for any organisation, whether they are driven purely as a means to cause downtime, force the owner to pay extortion fees or as a cover for malware activity it affects the users the most. HSBC have said that 'HSBC UK internet banking was attacked this morning. We successfully defended our systems'.
"But what's the real damage caused? Just stopping people accessing their systems seems pointless unless it's driven from a competitor (extremely unlikely); making a vocal statement about what they do or don't do from a moral standpoint (not this case) so maybe it's a cover to test, damage or control their online systems. At this stage its only hearsay or rumour and I am sure we will find out sooner or later."