HSBC experienced a distributed denial-of-service (DDoS) attack Oct. 18 that disrupted a number of its Websites as hackers continue their cyber-attack campaign against financial institutions.
According to reports, the attack is apparently linked to hacktivists associated with Anonymous. In a Pastebin post, U.K.-based Fawkes Security took responsibility for the attack.
“As some of you may be aware HSBC bank suffered several DDoS attacks on the named sites in the past hours us.hsbc.com hsbc.co.uk hsbc.com hsbc.ca they were all brought down by #FawkesSecurity,” according to the post. “Before any claim [expletive] attempt to take ownership of this attack, the proof is all in our Twitter account, Targets, time and date :) @FawkesSecurity.”
In a statement, HSBC acknowledged its servers came under attack, affecting HSBC Websites around the world.
“This denial-of-service attack did not affect any customer data, but did prevent customers using HSBC online services, including Internet banking,” according to the company. “We are taking appropriate action, working hard to restore service. We are pleased to say that some sites are now back up and running. We are cooperating with the relevant authorities and will cooperate with other [organizations] that have been similarly affected by such criminal acts. We [apologize] for any inconvenience caused to our customers throughout the world.”
The DDoS against HSBC comes at a time when attacks on the financial industry have been in the spotlight. Wells Fargo Bank and Bank of America have also been hit by DDoS attacks. Moreover, EMC’s RSA security division warned earlier this month of an effort by cyber-criminals to launch a Trojan attack on 30 U.S. banks as part of a large-scale campaign.
In addition, last week Capital One Financial Corp. told the media that it had been hit with a cyber-attack. A group called Izz ad-Din al-Quassam Cyber Fighters took responsibility for the Capital One attack online. The same group has also claimed to be responsible for other attacks, such as recent DDoS attacks against SunTrust Bank and BB&T. The group has claimed that it is protesting the presence of the anti-Islamic video ‘Innocence of Muslims’ on the Internet.
A recent report from security firm Prolexic Technologies found that DDoS attacks have nearly doubled in frequency and tripled in size during the past year. According to Prolexic, the transition from attacks using botnets made up of low-bandwidth home computers to attacks using high-bandwidth corporate servers played a role in increasing the average attack bandwidth.
Some DDoS attacks have been perpetrated for political or hacktivist reasons, while others have tried to blackmail money out of large companies, noted Graham Cluley, senior technology consultant at Sophos. In many cases, the computers used in the attack will have been hijacked using malware, though in other cases, people willingly participate in DDoS attacks, he added.
“You can picture a distributed denial-of-service attack as being something like 15 fat men trying to get through a revolving door at the same time,” he blogged. “Nothing moves. Of course, denial-of-service attacks are no laughing matter.”