Digitalization has radically changed banking – from a traditionally conservative sector to one of the most innovative. The flip side of this coin has been the acute dependence of banks on IT and thus their vulnerability to cyberattacks, including DDoS attacks.
Cyberattacks on financial organizations most often target their websites and the applications that provide remote banking services (RBS). These are complex, multi-component software systems, critical to both banks and their customers, that deliver a wide range of digital services – from paying bills and receiving statements to transactions involving deposits, loans and other financial assets. The unpleasant consequence of this complexity is a considerable number of vulnerabilities, some of which remain undetected despite the enormous efforts of bank information security specialists. It is precisely these vulnerabilities that attackers usually strike.
DDoS attacks are today a particularly common form of cyberattack on banks. Their main goal is to render a bank's websites or services unable to handle external requests. To this end, attackers direct massive streams of unauthorized requests at the resource selected as the victim, making it practically inaccessible or severely degrading its performance. DDoS attacks are popular with attackers because they are cheap to mount and highly effective.
What are the risks for bank customers?
The biggest DDoS risk for bank customers is that bank services will be unavailable for the duration of the attack. Customers of RBS systems are accustomed to logging into the bank's "personal account" or mobile application at any time and performing whatever operations they need – payments, transfers, loans, opening and closing deposits, and so on. If attackers hit the bank's RBS services, those services will most likely be inaccessible to customers, at least until the attack is over. This means that customers will not be able to quickly top up an account by phone when they need to, help a relative or friend with money, pay a bill, or even check the balance remaining in their accounts. Customers may also be unable to pay by card in a store or withdraw cash from an ATM during the attack – it all depends on which of the bank's Internet-connected resources the DDoS attackers targeted.
A less likely but possible scenario is this: hackers mount a complex cyberattack on the bank in which the DDoS attack plays the role of a diversion. The goal is to focus the efforts of the bank's cybersecurity specialists on defending against the DDoS attack and, while they are busy restoring the attacked services, to attempt to break into the bank's systems. The purpose of the intrusion can vary widely – from posting provocative messages on the bank's websites to stealing customers' personal data, emptying their accounts, and subverting the business logic of banking systems.
Can bank customers protect themselves from DDoS attacks?
If the Internet resources of the bank you are a customer of are attacked just when you need to perform a financial transaction through the RBS system, you can either simply wait until the RBS services are restored, or use another RBS channel – for example, an ATM or the mobile banking application instead of the "Internet banking" web application (the hope being that the attackers did not hit all of these services at the same time), or perform the necessary operations through another bank (unless, of course, it is under attack too).
What are the risks for the banks?
In the event of a successful DDoS attack on RBS resources, the first loss banks suffer is reduced profit. Other direct financial risks are the possible outflow of customers, the termination of contracts with legal entities, and damage claims from customers together with their demands for compensation and fines.
Reputational losses caused by DDoS attacks can do banks even greater damage: customers who are used to RBS services being constantly available are very upset when they cannot perform the required operation at the right time, and they vent their displeasure on social networks, in blogs and in the media. A decline in loyalty and a wave of negativity in the market increase what banks must spend on handling objections, strengthening the brand, and attracting and retaining customers.
Banks should also not underestimate the SEO risks: a drop in ranking in search results (SEO ratings) and distorted visit-counter statistics. A decline in position in the results of popular search engines forces banks to spend more on winning and maintaining the right level of customer loyalty.
And, of course, the risks of diminished information security and cyber resilience are quite real for banks – as noted above, DDoS attacks are often used in complex multi-vector attacks aimed at hacking and penetrating banks' systems, and this is a serious risk to the financial business.
Can banks protect themselves against DDoS?
In short, yes, they can. Protection against DDoS attacks exists and is provided by anti-DDoS cloud service providers. The effectiveness of that protection depends primarily on the professionalism of the provider, the capacity and architecture of the resources it allocates to defending against DDoS attacks, and the quality of traffic filtering it can deliver. It is also influenced by how vulnerable the banking websites and services themselves are and how well they withstand DDoS attacks. Therefore, the quality of protection offered by different anti-DDoS providers, and even the level of protection the same provider achieves for similar resources at two different banks, may differ significantly.
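Two of the factors named above, the quality of traffic filtering and the resilience of the service itself, can be made concrete in code. The following Python example is added here; it is not from the article, nor is it StormWall's code. It runs on a constructed web access log (documentation-range IP addresses, made-up paths and timestamps) and shows how a per-source sliding-window counter tells a request flood of the kind described earlier apart from an ordinary client's short burst, and how a per-client token bucket in front of the application keeps serving normal traffic while shedding the excess from the flooding source. The log format, thresholds and addresses are assumptions for the example.

```python
"""Added example (not from the original article): flood detection and
application-side rate limiting over a constructed access log.

All addresses, paths and timestamps below are constructed for the example
(RFC 5737 documentation ranges), not taken from any real incident.
Both functions assume the log is in chronological order, as web server
access logs normally are.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common/combined-style access log line; anything else is treated as malformed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, epoch_seconds, path) or None for a line that does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT).timestamp()
    return m.group("ip"), ts, m.group("path")


def find_flood_sources(lines, window_seconds=10, max_requests=50):
    """Sliding-window request counter per source IP (the filtering side).

    Returns {ip: peak_requests_in_window} for every source that exceeded
    max_requests within any span of window_seconds.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # skip malformed lines instead of failing the filter
        ip, ts, _ = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window_seconds:
            q.popleft()           # drop requests that fell out of the window
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > max_requests}


class TokenBucket:
    """Per-client token bucket: `burst` requests at once, refilled at `rate`/s."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens = float(burst)
        self.last = None

    def allow(self, now):
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def simulate_rate_limit(lines, rate=5, burst=20):
    """Replay the log through one bucket per client (the service's own resilience).

    Returns {ip: (served, rejected)}; a well-sized bucket rejects nothing for
    ordinary clients and sheds most of a flood source's requests.
    """
    buckets = defaultdict(lambda: TokenBucket(rate, burst))
    result = defaultdict(lambda: [0, 0])
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _ = parsed
        result[ip][0 if buckets[ip].allow(ts) else 1] += 1
    return {ip: (served, rejected) for ip, (served, rejected) in result.items()}


# ---- constructed sample traffic -------------------------------------------
BASE = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc)


def make_line(ip, offset_seconds, path):
    ts = (BASE + timedelta(seconds=offset_seconds)).strftime(TS_FMT)
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'


def build_sample_log():
    """Two ordinary clients plus one flood source, all constructed."""
    events = []
    for i in range(6):            # normal browsing: 6 requests over 30 s
        events.append((5 * i, "198.51.100.7", "/online/accounts"))
    for i in range(12):           # legitimate short burst: 12 asset fetches in 2 s
        events.append((8 + i * 0.15, "198.51.100.8", f"/static/asset{i}.js"))
    for i in range(200):          # flood source: 200 requests in 4 s at one endpoint
        events.append((12 + i * 0.02, "203.0.113.10", "/online/login"))
    events.sort(key=lambda e: e[0])
    return [make_line(ip, off, path) for off, ip, path in events]


if __name__ == "__main__":
    log = build_sample_log()
    print("flood sources:", find_flood_sources(log))
    print("served/rejected per client:", simulate_rate_limit(log))
```

The sliding window only flags the source that sends far more than a human-driven client could in the period, so the client fetching a dozen page assets in two seconds stays under the threshold. The token bucket shows the other half of the point: with a burst allowance sized for real usage, the two ordinary clients never see a rejection while the flooding address is throttled to the refill rate, which is the behaviour a service needs at its own edge regardless of what the upstream scrubbing provider filters.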
Ramil Khantimirov is the CEO & co-founder of StormWall, an international cybersecurity company. He has a PhD in Computer Science.
Before co-founding StormWall in 2013, Ramil had gained extensive experience in both IT architecture and management. In his previous role as Senior Systems Engineer, Ramil built IT infrastructures for Russian industrial enterprises. Before that, he was part of the IT leadership of one of the largest Russian universities, a pioneer in e-learning.
Ramil is a recognized expert in the field of cybersecurity. He is the author of many articles on protection from DDoS attacks and a speaker at many professional conferences, where he was the first to research the topic of protectability from DDoS attacks and ways to improve it.
He aims to put his knowledge and skills to maximum use in improving the safety and security of the information society by creating technology to protect against hackers and malefactors.