The South African Banking Risk Information Centre (SABRIC) announced that the South African banking industry has been hit by a wave of DDoS attacks targeting consumer-facing services.

These attacks have also been accompanied by a ransom note, according to SABRIC.

DDoS attacks have become a major problem for South African companies lately, especially Internet service providers (ISPs) and local banks.

Numerous South African ISPs recently reported being targeted by DDoS attacks which caused major service interruptions.

These Distributed Denial of Service (DDoS) attacks began targeting local banks on 23 October 2019, resulting in interruptions to services such as online banking.

Standard Bank and other local banks experienced problems with online and mobile app banking following the start of the DDoS attack, but most of these services have since been restored.

Ransom note

SABRIC stated that these attacks began with a ransom note being delivered to unattended and staff email addresses, all of which were publicly available.

“Threat intelligence which has surfaced has revealed that this is a multi-jurisdictional attack with entities from several countries being targeted and should therefore not be viewed as a targeted attack on South African companies only,” the organisation said.

It is important to note that DDoS attacks like this one do not involve hacking or a data breach and therefore no customer data is at risk.

“Despite our banks’ preparedness and resilience, we will continue to monitor this situation very closely and respond as required,” said SABRIC acting CEO Susan Potgieter.

No security breach

Business Day previously reported that the banks had been affected by the same cyber attack which targeted the City of Joburg on 24 October.

This report stated that a group called the Shadow Kill Hackers had accessed sensitive data such as passwords and finance information and demanded a ransom from the city and South African banks.

South African banks have refuted this, however, stating that no information has been compromised and they have only been affected by DDoS attacks.

“We did not experience an incident of the kind described in that story about the City of Johannesburg,” Absa told MyBroadband.

“We do experience adverse cyber incidents of some form or another on a regular basis, and these are dealt with in the normal course. To date, we have not experienced an instance where the bank’s own and customer information protection systems were breached.”

Absa added that it informed its customers immediately when it had technical difficulties on Wednesday.

“Those arose from a Distributed Denial of Service attack, not a hack,” Absa said.

“Our defensive strategies were invoked across our systems and networks, and customer impact was kept to a minimum. We continue to monitor and are responding in real-time as needed.”

Standard Bank and Capitec told MyBroadband that their systems were not compromised and there had been no hack.

Now read: Standard Bank outage was not an attack