Lloyds Bank was forced to go offline after a 48-hour Denial of Service (DDOS) attack crippled their systems and blocked access to 20 million UK accounts.

The DDoS attack went on for about 2 days, from January 11 to January 13th, as Lloyds, in addition to Halifax and Bank of Scotland, were bombarded with millions of fake requests designed to bring their systems to a standstill. The attack only affected the availability of services, and no customers suffered any financial loss.

In a DDoS attack, online systems are flooded with huge amounts of data, with hopes to overload the site and take services offline. This form of attack is generally conducted by hired competitors, hacktivists, or other interest groups. It is important to note that DDoS attack have been using this in the past to hide other malicious activity going on within an organizations IT estate.

Lloyds has declined to comment on this issue, claiming, “We experienced intermittent service issues with internet banking between Wednesday morning and Friday afternoon the week before last and are sorry for any inconvenience caused. We had a normal service in place for the vast majority of this period and only a small number of customers experienced problems. In most cases, if customers attempted another login they were able to access their accounts. We will not speculate on the cause of these intermittent issues.”

This DDoS attack comes just months after the Tesco Bank attack that left 9,000 Tesco customers with £2.5 million in fraudulent transactions. The shortly after that attack, the UK banking sector enacted contingency plans that enable members to share critical intelligence information in hopes to prevent these kinds of disruptive and damaging attacks.

Those affiliated with the financial industry should be well versed in Sarbanes-Oxley SOX compliance and what needs to be done to achieve, prove and remain compliant. SOX requires an organization to establish internal controls and procedures for financial reporting in an effort to reduce corporate fraud. This means your IT estate- servers, networks, and IT practices and operations- must be reinforced and configured to maintain and demonstrate compliance in the event of an audit. NNT’s Change Tracker Gen7 ensures IT systems are protected from fraud, with requisite audit trails provided to prove system integrity has been maintained, followed by systems hardening and provisioning a strict ‘principle of least privilege’ basis. 



Read this article on The Guardian

The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)

[email protected]

United Kingdom

5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023

 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2023, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.