Cyber Incident Victim: ABN Amro
Date:
Jan 2018
Location:
Netherlands
Summary
ABN Amro and another major Dutch bank experienced repeated distributed denial-of-service (DDoS) attacks over a weekend, causing multiple extended disruptions to their internet banking, mobile banking, and iDeal payment services for customers. The financial institution faced three separate incidents during this period, compounding earlier disruptions from previous attacks that week, with service outages lasting several hours each time. While both banks confirmed no systems or customer accounts were breached, the attacks overwhelmed their servers with traffic, rendering digital platforms inaccessible. The Dutch central bank characterized such attacks as frequent operational challenges in the digital landscape, while retail industry representatives raised concerns about payment system reliability following the incidents.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
ABN Amro experienced multiple distributed denial-of-service (DDoS) attacks during the weekend of January 27-28, 2018, marking the continuation of cyber assaults that had occurred throughout that week. The bank suffered three separate attacks over this weekend, bringing the total to seven incidents within the same week. On Saturday evening, an attack disrupted ABN Amro's internet banking, mobile banking, and iDeal payment services for four hours. A second attack occurred Sunday afternoon, causing a two-hour outage of these digital platforms, followed by a third incident Sunday evening that lasted 2.5 hours starting at 19:00. Concurrently, ING Bank faced similar disruptions from a cyber attack on Sunday, though specific duration details for ING weren't provided. Both institutions confirmed their core banking systems and customer accounts remained secure despite the service interruptions. The attacks overwhelmed the banks' servers through excessive data traffic, rendering digital services inaccessible to customers during each incident period. Retail lobby group Detailhandel Nederland publicly expressed concerns about the stability of electronic payment systems following these repeated disruptions.
Dutch Central Bank president Klaas Knot addressed the incidents during a January 28 television appearance on Buitenhof, characterizing such cyber attacks as daily occurrences in 2018 while acknowledging their serious nature. He revealed that even the central bank's website faced constant attacks, experiencing attempted breaches every second. The central bank engaged in active discussions with affected financial institutions to expedite restoration of normal operations, though Knot stated investigators hadn't identified the attackers' origins or motives. Service functionality at both ABN Amro and ING had been fully restored by Monday morning following the weekend attacks. No customer financial losses or data breaches were reported, with the primary impact being temporary loss of digital banking access during attack windows. The repeated disruptions prompted public scrutiny of the resilience of critical financial infrastructure against increasingly common DDoS campaigns.