Following the news that Lloyds Bank was reportedly hit with a two-day-long DDoS attack, which led to customers being unable to check their account balances or make payments. IT security experts from Corero Network Security, ZoneFox and Infoblox commented below.
Sean Newman, Director at Corero Network Security:
“Recent service interruptions reportedly experienced by Lloyds Bank customers are just another example of the challenges faced by today’s online businesses. Consumer expectations of 24×7 service availability have created a genuine risk of lost revenue and lasting reputation damage, as a result of a DDoS attack which means the stakes are just too high to ignore.
“Best practices around resilient local, and wide-area, network design are well understood and typically implemented as a matter of course. However, the rapid pace at which the cyber threat landscape is evolving often leaves organisations unsure of where best to invest their available security budget. As DDoS has become a significant and worrying resurgence over recent years, organisations now need to ensure this targeted threat is considered as part of their risk profiling. Where every minute offline can be easily equated to significant amounts of lost revenue, and brand damage, the cost of protection is easily justified.
“Protecting against modern DDoS attacks, requires an always-on solution, which can react to attacks in true real-time, surgically removing the attack traffic, and ensuring legitimate traffic can proceed uninterrupted – only then, can services stay online, all the time.”
Jamie Graves, CEO at ZoneFox:
“While there aren’t any clear signs that the recent attack was aided from an inside source, complacency is not a viable excuse when it comes to delivering a robust cyber security strategy. It would be advisable for a company the size of Lloyds Bank to utilise User Behaviour Analytics (UBA) to deliver rapid insights and complete transparency on user activity and data flow. If the attacks are being used as a smokescreen for further criminal activity, UBA will prove invaluable and actionable information to defend the organisation against any further setbacks.”
Dr Malcolm Murphy, Technology Director Western Europe at Infoblox:
“The simplicity with which DDoS attacks can be generated using DNS infrastructure is what makes them so concerning. Hackers take control of a system, and use a spoof IP address of their target to send queries to name servers across the Internet. In turn, the name servers send back responses. Were these responses the same size as the queries themselves, this wouldn’t be enough to bring about the desired disruption. To wreak the most havoc, hackers use UDP-based DNS messages (messages using Internet Protocol to get data messages from one computer to another) to amplify the query to return the largest response possible – and sometimes even bringing in help from a botnet of thousands of computers and fellow comrades – to completely incapacitate a target.
Organisations must prioritise the ever-increasing threat posed to DNS if they want to successfully mitigate the risk of DDoS attacks. The steps to reduce an organisation’s DNS threat level are relatively simple, yet can massively help reduce exposure to attacks; these include learning to recognise when a DDoS attack is taking place; scrutinising their Internet-facing infrastructure for single points of failure; distributing external authoritative name servers geographically to avoid single points of failure; and overproviding their existing infrastructure.”