Banking DDoS attack in South Africa – Criminals love payday
Increased criminal activity around paydays every month is nothing strange, a spokesperson for Capitec has told MyBroadband.
Capitec’s comments were made in the context of a question about the distributed denial of service (DDoS) attacks that hit the banking sector on Wednesday.
Feedback from the banks suggests that the attacks are ongoing, but being mitigated.
“We see increased attempted criminal activity around paydays every month. Our systems detect this kind of activity and we were not affected,” said Capitec.
The South African Banking Risk Information Centre (SABRIC) addressed media on behalf of the banking industry, and confirmed the attacks.
SABRIC CEO Susan Potgieter said that the wave of attacks targeted various public-facing services across multiple banks.
“These attacks started with a ransom note which was delivered via email to both unattended as well as staff email addresses, all of which were publicly available,” said Potgieter.
“Threat intelligence which has surfaced has revealed that this is a multi-jurisdictional attack with entities from several countries being targeted and should therefore not be viewed as a targeted attack on South African companies only.”
Potgieter emphasised that DDoS attacks do not involve hacking or a data breach, and therefore no customer data is at risk.
However, DDoS attacks may cause service disruptions as they flood networks with junk traffic. Potgieter said that these disruptions will be minor, and will be limited to public-facing services.
“Robust defensive strategies have been invoked across the industry and we are confident that customer impact will be kept to a minimum,” Potgieter said.
“Despite our Banks preparedness and resilience, we will continue to monitor this situation very closely and respond as required.”
Not related to the attack on City of Johannesburg
Standard Bank has told MyBroadband that there is no connection between the recent outage of its banking services, and a reported attack on the City of Johannesburg.
“Standard Bank wishes to clarify that there was no link between an interruption in its banking services yesterday and an external cyber event that reportedly impacted the provision of public e-services,” the bank said.
Absa provided similar feedback, stating that they were hit by “adverse cyber incidents of some form or another” on a regular basis, and that these are dealt with in the normal course of business.
Absa said that to-date, it has not experience an instance where the bank’s own and customer information protection systems were breached.
Absa confirmed that the recent outage of its Internet banking services was due to DDoS attacks, also emphasising that it was not a hack. It added that the impact to its online services was brief.
FNB referred our questions to SABRIC.