Dutch banking giant, ABN AMRO has tweeted to users that it is experiencing a Distributed Denial of Service (DDoS) attack at the moment.
The impact of the attack is that some customers are unable to connect to the banks services. The attacks seems to be limited in its scope. Some users seem to be able to get in while others are completely blocked.
Response from users have been interesting. While some customers have tweeted support for the bank, others have been less forgiving. One customer tweeted “Again? Then invest some money to prevent these attacks, because there is no shortage at ABN AMRO, this is worthless, yet another one in a week’s time.” They are not alone. Several tweets highlight that this is not the first nor do they believe it will be the last time ABN AMRO will be attacked.
According to Kirill Kasavchenko, principal security technologist, EMEA at NETSCOUT Arbor: “Banks are targeted frequently, and with increasingly sophisticated multi-vector attacks. Regardless of whether these attacks are ideologically motivated or for financial gain, banks owe it to their customers and their employees to test their processes frequently to ensure they can sustain service availability through an attack.
“The weapons on the battlefield are ever-changing, so defences must evolve in parallel. Co-operation and information sharing are at the heart of this, as they allow all parties to best prepare based on the current threat landscape. To get this right, the cybersecurity community, financial organisations, and government must improve inter-organisation communication and information flow. Collaboration can only be a good thing.”
A never ending cycle of DDoS attacks
ABN AMRO has been the target of DDoS attacks for several months. Who is behind them is still not clear. Earlier this year NL Times claimed that security vendor ESET had tracked the attacks to a Russia-based group. ESET denied this and claimed the journalist had misrepresented what they had been told.
In April, two actions by law enforcement gave ABN AMRO hope that the attacks were over. The first action saw the Dutch Team High Tech Crime (THTC) arrest an individual known as Jelle S for using the IoTtoop botnet to attack banks and government websites in The Netherlands. The second was Operation PowerOFF which closed the Webstresser site. This was a cyber attack for hire website used to launch DDoS attacks against financial institutions including, it is believed, ABN AMRO.
However, it is now clear that while both those actions might have slowed the rate of attacks, they have not stopped them. ABN AMRO is left, therefore, wondering who is behind them and what they want. So far, there is no indication that this is about a ransom. However, it could be a distraction to install malware on the banks IT systems or even exfiltrate data. At the moment, ABN AMRO is not saying what it believes is behind this and is not responding to emails asking for more information.
What does this mean
This is not a good time for any bank to be talking about a DDoS attack. Three days ago, industry analyst firm CACI claimed that over 72% of the UK population will be banking via a phone app by 2023. Those customers will expect a trusted and reliable service or else they will go elsewhere.
Kasavchenko commented: “In today’s world, most people interact with their banks online – whether they’re making a payment, moving money between accounts, or just checking a balance. This is why it has never been more important for banks to protect the availability and integrity of their systems. The financial sector is all too aware of the very real cyber threats lying in wait, and most organisations have robust software and solutions in place. Yet this DDoS attack on ABN AMRO proves that even big companies are not immune to disruption.”