Lloyds DDoS attack was launched by a hacker attempting to extort £75,000 from the bank – report
A hacker reportedly demanded the bank to pay him a 'consultation fee' to not exploit security vulnerabilities.
A hacker has reportedly claimed responsibility for launching a targeted distributed-denial-of-service (DDoS) attack against Lloyds. The attack was allegedly launched as part of an extortion strategy, which involved the hacker demanding around £75,000 ($93,800) from the bank, according to a report.
An anonymous hacker told Motherboard that he/she contacted Lloyds on 11 January by email, informing the bank about the security vulnerabilities. The hacker reportedly also demanded the bank to pay a "consultation fee" in bitcoins.
"Once paid, the services will be back online, you will get a list of flaws related to both services, along with our disappearance," the alleged email reads. The bitcoin address included in the email allegedly received no funds, indicating that hacker'sextortion attempt remained unsuccessful, the Motherboard report said.
Lloyds previously told IBTimes UK that the banking group experienced "intermittent service issues with internet banking between Wednesday morning and Friday afternoon the week before last." However, the bank has yet to either confirm or deny that the cause of the issue was a DDoS attack.
The National Cyber Security Centre is believed to be working alongside Lloyds to look into the incident, BBC reported.
Reports speculate that the bank's intermittent service issues could likely have been caused by Lloyds' in-house security experts possibly employing geo-blocking methods to mitigate the attacks. Geo-blocking involves placing barriers over the server launching the attacks, forcing the hackers to move to another server to continue the assault.
Chair of the House of Commons Treasury select committee Andrew Tyrie told the Guardian, "The attack on Lloyds was deeply troubling. Thousands of customers were affected by this, the latest in a long list of failures and breaches of banking IT systems," he said. "As I have already pointed out, it is time to consider whether a single point of responsible for cyber risk in the financial services sector is now required."
IBTimes UK has reached out to Lloyds for further clarity on the matter and will update this article in the event of a response.
© Copyright IBTimes 2024. All rights reserved.