Customers of Guaranty Trust Bank woke up to find news of a possible hack of the server of the bank as cybersecurity experts say the bank may have been a victim of Distributed Denial of Service (DDoS) a type of cyber attack that makes the bank and its customers unable to access the server.
The website of the bank according to cyber security experts had experienced a DDoS which is a type of network attack that is relatively simple to carry out, even by an unskilled attacker from multiple sources. A DoS attack results in some sort of interruption of network service to users, devices or applications.
DoS attacks are considered a major risk because they can easily interrupt communication and cause significant loss of time and money. Experts say there have been similar attacks in recent times, but it had largely gone unnoticed by customers.
Although social media platforms had been agog with news that the bank had been hacked and the domain of the bank’s website had been sold off, experts say this is not the case even as the communications team of the bank has been unreachable for comments.
According to ICT and development Advisory Consultant, Jide Awe, it could be any of two things. “It could be what we call a service attack, a DDoS attack where some attackers will just decide to overwhelm the server with messages which it has to respond to and it won’t be able to respond to it because it has been programmed to attend to a certain number of requests at a certain time.
“It could also be that it is an internal problem in the bank. Systems are things that can have problems at any time, then it could also be that there is scheduled maintenance. But where there is an issue is that the bank itself is supposed to have informed customers as to what is going on to quell customers’ anxiety.”
Also, an Information Systems Specialist, Engr Kude Hassan, noted that when it comes to cyber security the strength of the chain is as strong as its weakest link. Banks, every year lose money in billions. Some of them are APT attacks, Advanced Passage Signature attacks. Some of them are, normal attacks.
“For people who have credentials to access their front-end processors, they usually have a credential, a username, password, and then the authorization. They have multiple levels of authority for all of them.”
Explaining that institutional actors who want to gain access into the system and stay there to gather information, Hassan said “they go in there and then stay in there so that you get information not that they really want to steal money from you. What is done is to send packets to overwhelm the server. So, the main aim is not to steal money just to deny service for one reason or the other.”
Whilst the website of the bank is up and running, some experts say there may be more of such DDoS attacks on not just bank servers but other institutions in the country.