Over a million developers have joined DZone.

A DDoS Attack Hit HSBC, Taking Them Down for Hours

DZone's Guide to

A DDoS Attack Hit HSBC, Taking Them Down for Hours

Security: it's not just an IT concern, but a business issue. HSBC was smacked with a DDoS attack, and went down for several hours. Check out the performance problems that hit HSBC with this DDoS attack.

· Performance Zone
Free Resource

Discover 50 of the latest mobile performance statistics with the Ultimate Guide to Digital Experience Monitoring, brought to you in partnership with Catchpoint.

HSBC reported a Distributed Denial of Service (DDoS) attack last Friday that resulted in an outage lasting several hours. Despite being isolated to the UK HSBC website (http://www.hsbc.co.uk/), the downtime left a lot of customers without any access to the banking site.

To add salt to the company’s already painful wound, the outage couldn’t have come at a worse time—the final Friday of the month is typically a payday for UK businesses, not to mention the end of January is also a critical time for tax returns.

The incident was reported Friday morning, however, our charts displayed indicators that are typical of a DDoS attack as early as Thursday evening.

Web page response times began to spike around 10:30 p.m. GT, with test failures beginning around 7:00 a.m. GT Friday. These failures included connection failures and test timeouts caused by increased latency while sending data.

HSBC performance chart

When you dig deeper into the data and other metrics available, you will see that it shows the servers were having issues delivering the bigger assets on the page, like jpg, png and js files, prior to the outage. This is evident by looking into the metrics that show the latency with sending the data from the servers, more specifically wait (time to first byte) and load (from first byte to last byte) times.

HSBC performance chart

Since the DDoS attack was impacting the web server’s ability to send data efficiently, they eventually failed to establish connections with the end users at all as the servers became overloaded. This led to frustration on both sides, as the outage lasted intermittently for several hours.

While it’s impossible to prevent all outages from happening, using a monitoring tool that delivers the ability to catch problems sooner can decrease your risk of failures and DDoS attacks. As a digital performance analytics platform, our customers are able to receive timing alerts on of any of the metrics discussed above, empowering them to preempt the attack before a failure occurs.

The customer experience should be the top priority for every digital business. Though it hasn’t been confirmed when exactly HSBC became aware of this issue, it’s clear that arming your business with the proper tools can mean the difference between experiencing a minor dip in performance and suffering a complete interruption of your users’ access to your site.

Is your APM strategy broken? This ebook explores the latest in Gartner research to help you learn how to close the end-user experience gap in APM, brought to you in partnership with Catchpoint.

ddos ,security ,web

Published at DZone with permission of Mehdi Daoudi, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.


Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.


{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}