
Major international bank hit by DDoS that leaves service interrupted for several days


The Dutch bank Rabobank was hit by a distributed denial-of-service (DDoS) attack last weekend that left customers and partners unable to access their accounts.

Rabobank Group, which describes itself as an international financial services provider, confirmed that it experienced some downtime on the weekend of the 19th and 20th February.

In a statement to SC Magazine it said: “The downtime experienced on the Rabobank internet site last weekend was caused by deliberate actions of an unknown party to overload the Rabobank network with large quantities of data. As a result, clients were unable to access the site.

“Rabobank has reported the incident to the police. The outage of the site meant that clients were unable to conduct internet and mobile banking transactions. At no time was there any intrusion into the bank's systems or customer data.”

It confirmed that the ‘problems’ occurred on the evening of the 19th February and in the afternoon of Sunday 20th February. It also confirmed that it had made technical adjustments to ensure its security against possible new attempts to block access to the site.

“These measures required some providers to make additional adjustments to technical settings for access to the Rabobank site. As a result, in the following days the customers using these providers have only been able to conduct internet banking through a direct web address. By Tuesday evening all customers were able to access their accounts again,” a statement said.

Domain name system security provider IID said that the outage lasted four days, as Rabobank altered its DNS (domain name system) records for its website in order to deflect the attack.

Rod Rasmussen, president and CTO of IID, said that it was still gathering information on what actually happened, but based on the published reports it would appear that Rabobank redirected its primary DNS entries to a loopback or a sinkhole to squash the DDoS attack.

“That's a trick others have used in response to DDoS in the past, but based on the reported problems after they removed the redirect they didn't use a short time to live for the changes. So when it came back up, most people still had the wrong address cached to try to get to the bank's website or transaction systems meaning it didn't work for those customers for over a day. This was an apparent self-inflicted wound,” he said.

Asked for the best mitigation advice to better buffer DDoS attacks, Rasmussen said that if Rabobank or anyone else is going to use a DNS 'trick' to escape a DDoS, they should use a relatively short time to live so that they can recover quickly after the attack abates.

He said: “Of course you don't want too short a time period, or you end up flooding your DNS servers too as the DDoS bots perform domain name lookups for their target.

“From the reports we've seen, it also doesn't appear that Rabobank informed all of its key partners of the situation to let them know to adjust their automated process. Basically anyone trying to do business online with Rabobank couldn't, and that was intentionally put in place by Rabobank themselves. Thus iDeal, a key partner and major payment service had their business dramatically impacted by a third-party changing their online configuration, another self-inflicted wound.

“With notification, or even just monitoring of its vendor's online posture, iDeal would have been able to avoid the major service outage they suffered that went well beyond the Rabobank situation. Outreach to key processors/partners/government needs to be part of any response plan where there's a major compromise or loss of service.”
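
The partner-side monitoring and the TTL point described above can be sketched as follows. This is an added example, not code from the article, Rabobank, IID or iDeal. It reviews periodic DNS polls of a partner hostname, flags a redirect to a loopback or other non-routable address, and on recovery reports how long resolver caches may still hold the sinkhole answer. The poll data is constructed, the function names are hypothetical, and the polls are assumed to come from the authoritative server so that the TTL seen is the configured one.

```python
import ipaddress

# Ranges that can never be a public service address: loopback, "this network",
# RFC 1918 private space and link-local. Listed explicitly so the result does
# not depend on how a given Python version classifies special-purpose ranges.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "0.0.0.0/8", "10.0.0.0/8",
    "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]


def is_sinkholed(addr):
    """True if a partner's A record points somewhere clients cannot reach."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in NON_ROUTABLE)


def review(polls):
    """polls: time-ordered (unix_time, address, ttl) tuples, one per DNS poll.

    Returns ("redirected", time, address) when the record first turns
    non-routable, and ("restored", time, stale_until) when it recovers.
    stale_until is an upper bound: a resolver that cached the sinkhole answer
    just before the fix keeps serving it for that answer's full TTL.
    """
    alerts, bad_ttl = [], None
    for ts, addr, ttl in polls:
        if is_sinkholed(addr):
            if bad_ttl is None:
                alerts.append(("redirected", ts, addr))
            bad_ttl = ttl  # remember the TTL handed out with the bad answer
        elif bad_ttl is not None:
            alerts.append(("restored", ts, ts + bad_ttl))
            bad_ttl = None
    return alerts


def sample_polls(sink_ttl):
    """Constructed polls, 5 minutes apart; 192.0.2.10 is a documentation address."""
    return [(0, "192.0.2.10", 3600), (300, "127.0.0.1", sink_ttl),
            (600, "127.0.0.1", sink_ttl), (900, "192.0.2.10", 3600)]


if __name__ == "__main__":
    for ttl in (86400, 300):  # one-day TTL versus five-minute TTL on the redirect
        print(ttl, review(sample_polls(ttl)))
```

With the one-day TTL the stale window runs a full day past the fix, while the five-minute TTL closes it five minutes after recovery.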
