Sophos Cloud Optix
HSBC has successfully recovered from a distributed denial-of-service (DDoS) attack which saw a number of its websites brought down, making it impossible for customers to use internet banking services.
The international bank stressed that no customer data was impacted by the attack in a statement posted on its website:
On 18 October 2012 HSBC servers came under a denial of service attack which affected a number of HSBC websites around the world.
This denial of service attack did not affect any customer data, but did prevent customers using HSBC online services, including internet banking.
We are taking appropriate action, working hard to restore service. We are pleased to say that some sites are now back up and running.
We are cooperating with the relevant authorities and will cooperate with other organisations that have been similarly affected by such criminal acts.
We apologise for any inconvenience caused to our customers throughout the world.
According to an update posted on its website, HSBC restored all of its websites globally to full accessibility as of 3:00am UK time.
DDoS attacks, which are illegal, occur when a criminal commands a number of computers to bombard a website with unwanted traffic.
In many cases, the computers used in an attack will have been hijacked by hackers using malware, and will be taking part in the assault without the knowledge of their owners. In other cases, people will willingly participate in a DDoS attack.
A co-ordinated deluge of web traffic can effectively clog up a website, preventing legitimate visitors from reaching the site, and bring it to its knees.
You can picture a distributed denial-of-service attack as being something like 15 fat men trying to get through a revolving door at the same time. Nothing moves.
Of course, denial-of-service attacks are no laughing matter.
Some DDoS attacks have been perpetrated for political or hacktivist reasons, while others have tried to blackmail money out of large companies.
Don’t allow your computer to be caught up in a denial-of-service attack. Now would be a good time to ensure that you have good defences in place to prevent your personal computer from being recruited for someone else’s online fight.
It might have been smarter for HSBC to distribute their computing resources further afield rather than hosting so much on a few units.- but being a bank they are cheap.
They have been hit ate various places around the world. The attacks in Korea and South America only affected those countries.
The American and Canadian operations share the same facilities. HSBC-CA even uses the US mail server!
Dumb.
Cheap? No; being a bank they believe in total control over their servers, data, DNS , everything…. can't quite get their head around the fact that cloud is sometimes safer. Clearly, distributed node presence would weather the mega DDoS that are getting commonplace. but first we have to lose the 'show me the server' mindset.
You would not believe the size of the IT budget.