Cyber Incident Victim: ING Group
Date:
Jan 2018
Location:
Netherlands
Summary
ING and another major Dutch bank experienced repeated distributed denial-of-service (DDoS) attacks targeting their online banking platforms, rendering internet banking, mobile services, and payment systems inaccessible for multiple hours over a weekend. The attacks overwhelmed servers with excessive traffic but did not compromise internal systems or customer accounts. Service disruptions occurred during several distinct attack waves, with one institution reporting cumulative outages exceeding eight hours across three incidents. The central bank acknowledged such cyber assaults as routine operational challenges while collaborating with financial institutions to restore functionality. A retail industry group raised concerns about the stability of electronic payment infrastructure following the incidents. Both banks resumed normal operations after mitigating the attacks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Between January 27-28, 2018, Dutch financial institutions ABN Amro and ING experienced a series of distributed denial-of-service (DDoS) attacks disrupting critical customer-facing services. The attacks began on Saturday, January 27, with ABN Amro suffering three separate incidents over the weekend – a four-hour outage Saturday evening, a two-hour disruption Sunday afternoon, and a 2.5-hour service interruption starting at 19:00 Sunday evening. These brought ABN Amro's total to seven cyberattacks within that week. ING confirmed a separate DDoS incident on Sunday, January 28, though specific duration details weren't disclosed. Both institutions reported complete restoration of services by Monday morning. The attacks specifically targeted internet banking platforms, mobile banking applications, and iDeal – the Netherlands' predominant online payment system – rendering these services completely inaccessible during outage periods. Bank representatives emphasized no evidence of system breaches or unauthorized account access occurred, confirming the attacks solely overwhelmed infrastructure through excessive data traffic.
The banks activated incident response protocols to mitigate service disruptions, with ABN Amro publicly documenting attack timelines and ING issuing formal apologies to customers on Monday morning. Dutch Central Bank (DNB) President Klaas Knot characterized such attacks as routine operational challenges, revealing the DNB website itself sustained attacks "every second" during this period. Knot confirmed DNB's coordination with affected banks to accelerate service restoration, describing cybersecurity as a "serious business" reflecting 2018's threat landscape. Retail lobby group Detailhandel Nederland publicly raised concerns about payment system reliability following the incidents, highlighting broader economic apprehensions beyond immediate banking operations. Neither the banks nor regulatory authorities identified threat actors responsible for the attacks during initial disclosures.