Resona Bank hit again by suspected cyberattack

Oh, how thoughtful - Resona Bank "apologizes" while letting cybercriminals waltz in and wreak havoc. And here I was thinking RB were one of the better banks... well, the joke's on me for getting sucked in by their fancy English interface investment app.

Yep, just more pencil-necked corporate incompetence dressed up with a sheepish, half-hearted apology!

Jay, I'm intrigued. Do you have programming experience? And can you enlighten us, and the countless corporations who have come under cyber attack in recent years, on how to prevent the cybercriminals from "waltzing in and wreaking havoc." I'm all ears!

Do you have programming experience? And can you enlighten us, and the countless corporations who have come under cyber attack in recent years, on how to prevent the cybercriminals from "waltzing in and wreaking havoc." I'm all ears!

Don't need to be a chef to know when the food is burned. Buggered if I have an answer for you right now, but at the same time, we should also know better than to pretend that basic cybersecurity is some kind of arcane wizardry only the chosen few can grasp. Maybe these corporations could start by not leaving the digital equivalent of their doors wide open with a neon sign saying, "Hack me".

Thanks.

The bank has not hired the right people, these things can be mitigated! It's crazy a bank doesnt have the right tools to secure anything.

I believe a few years ago it came to light that you had a government official in charge of cybersecurity and he was asked by reports about MFA and he did not know what that was.

Remember that this is Japan. Everyone says the same thing. It's not about qualifications. If you're an old Japanese man the hierarchy just gives you power regardless of how unqualified you are.

As someone who works in cybersecurity with clients in the financial industry too, I find it amusing how much opinion there is in the comments for so much lack of knowledge.

A DDoS can literally hit anyone. No matter how "good" of a DDoS protection you have, the more coordinated and more diversified a DDoS attack is, the more likely it is to take a service offline. And yes, even if you're behind DDoS protection, a large attack can just take the protection offline too, as seen when multiple cloud services and "DDoS protected by Cloudflare" have been struggling with DDoS protection in the past too.

The financial industry is, no surprise here, probably one of the most regulated and secured sectors out there. To say that "criminals waltzed in and wreaked havoc" or "that it didn't hire the right people" is pretty ignorant. If there was actually a breach or malware infection or anything else, then I'd be the first to say such things and report them to the JFSA for obvious negligence, but not with DDoS. Y'all underestimate the sheer magnitude of such events and how little you can actually realistically do against it.

Maybe the Japanese banking sector pissed somebody off, seeing how Mizuho also suffered a DDoS in the recent past. Or someone was bored. Something something something.

Japan generally seems to be the primary destination for DDoS attacks right now, according to colleagues in monitoring. Be prepared for more outages to come.

I'm sorry you are wrong, plan well and you can mitigate, you can continuely shift and move endpoints so DDos can't take effect. Your only problem would be a DOS attack to take down the entire DNS service at that point.

I'm sorry you are wrong, plan well and you can mitigate, you can continuely shift and move endpoints so DDos can't take effect. Your only problem would be a DOS attack to take down the entire DNS service at that point.

Resona is hosted by Akamai - which already offers professional DDoS protection. This alone should be an indicator that the attack was most likely bigger than the defense that was offered by Akamai. (duh!)

This ain't the 2000s where some kids DDoS your IP with LOIC and you can "shift and move endpoints" (as if current age DDoS attacks even target "endpoints" anymore lol) or blacklist some IPs and the attack is done. We are talking about current age professionally coordinated DDoS attacks utilizing millions of infected hosts and services with spoofed IPs, carrying enough oomph behind them to overload ISP-grade services. It's neither as simple nor as easy as you make it out to be, If it was, nobody would need DDoS protection ever. And yes, such attacks frequently also not only take out just the DNS service, but other more upstream infrastructure in the data center too. Most of the times, you're considered "lucky" if it just knocked your DNS instead of your whole external-facing infrastructure offline.

I hope you were able to learn something. You're welcome. ;)

Yeah, DDoS nowadays overloads whole AD, does not target some puny single or a couple of IPs. And if Akamai couldn't survive this, and they started as a DDoS protection company, then good luck. There's a certain budget companies are willing to spend on prevention, too.

But "spoofed IPs" is pushing it a bit, two decades too late. ;-)

Oof phones. Not AD, AS. Autonomous System.