
Lloyds Bank was forced to go offline after a 48-hour Distributed Denial of Service (DDoS) attack crippled its systems and blocked access to 20 million UK accounts.

The DDoS attack went on for about 2 days, from January 11 to January 13, as Lloyds, along with Halifax and Bank of Scotland, was bombarded with millions of fake requests designed to bring their systems to a standstill. The attack only affected the availability of services, and no customers suffered any financial loss.

In a DDoS attack, online systems are flooded with huge amounts of data in the hope of overloading the site and taking services offline. This form of attack is generally conducted by hired competitors, hacktivists, or other interest groups. It is important to note that DDoS attacks have been used in the past to hide other malicious activity going on within an organization's IT estate.

Lloyds has declined to comment on this issue, claiming, “We experienced intermittent service issues with internet banking between Wednesday morning and Friday afternoon the week before last and are sorry for any inconvenience caused. We had a normal service in place for the vast majority of this period and only a small number of customers experienced problems. In most cases if customers attempted another login they were able to access their accounts. We will not speculate on the cause of these intermittent issues.”

This DDoS attack comes just months after the Tesco Bank attack that left 9,000 Tesco customers with £2.5 million in fraudulent transactions. Shortly after that attack, the UK banking sector enacted contingency plans that enable members to share critical intelligence information in the hope of preventing these kinds of disruptive and damaging attacks.

Those affiliated with the financial industry should be well versed in Sarbanes-Oxley (SOX) compliance and what needs to be done to achieve, prove and remain compliant. SOX requires an organization to establish internal controls and procedures for financial reporting in an effort to reduce corporate fraud. This means your IT estate (servers, networks, and IT practices and operations) must be reinforced and configured to maintain and demonstrate compliance in the event of an audit. NNT’s Change Tracker Gen7 ensures IT systems are protected from fraud, with requisite audit trails provided to prove system integrity has been maintained, together with systems hardening and provisioning on a strict ‘principle of least privilege’ basis.

 

 

Read this article on The Guardian
