Web Performance is a Journey, Not a Destination

Mehdi Daoudi

Subscribe to Mehdi Daoudi: eMailAlertsEmail Alerts
Get Mehdi Daoudi via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Blog Feed Post

A DDoS Attack Hit HSBC, Taking Them Down for Hours

HSBC reported a Distributed Denial of Service (DDoS) attack last Friday that resulted in an outage lasting several hours. Despite being isolated to the UK HSBC website (http://www.hsbc.co.uk/), the downtime left a lot of customers without any access to the banking site.

To add salt to the company’s already painful wound, the outage couldn’t have come at a worse time—the final Friday of the month is typically a payday for UK businesses, not to mention the end of January is also a critical time for tax returns.

The incident was reported Friday morning, however our charts displayed indicators that are typical of a DDoS attack as early as Thursday evening.

Webpage response times began to spike around 10:30 p.m. GT, with test failures beginning around 7:00 a.m. GT Friday. These failures included connection failures and test timeouts caused by increased latency while sending data.

HSBC performance chart

When you dig deeper into the data and other metrics available, you will see that it shows the servers were having issues delivering the bigger assets on the page, like jpg, png and js files, prior to the outage. This is evident by looking into the metrics that show the latency with sending the data from the servers, more specifically wait (time to first byte) and load (from first byte to last byte) times.

HSBC performance chart

Since the DDoS attack was impacting the web server’s ability to send data efficiently, they eventually failed to establish connections with the end users at all as the servers became overloaded. This led to frustration on both sides, as the outage lasted intermittently for several hours.

While it’s impossible to prevent all outages from happening, using a monitoring tool that delivers the ability to catch problems sooner can decrease your risk of failures and DDoS attacks. As a digital performance analytics platform, our customers are able to receive timing alerts on of any of the metrics discussed above, empowering them to preempt the attack before a failure occurs.

The customer experience should be the top priority for every digital business. Though it hasn’t been confirmed when exactly HSBC became aware of this issue, it’s clear that arming your business with the proper tools can mean the difference between experiencing a minor dip in performance and suffering a complete interruption of your users’ access to your site.


The post A DDoS Attack Hit HSBC, Taking Them Down for Hours appeared first on Catchpoint's Blog.

Read the original blog entry...

More Stories By Mehdi Daoudi

Catchpoint radically transforms the way businesses manage, monitor, and test the performance of online applications. Truly understand and improve user experience with clear visibility into complex, distributed online systems.

Founded in 2008 by four DoubleClick / Google executives with a passion for speed, reliability and overall better online experiences, Catchpoint has now become the most innovative provider of web performance testing and monitoring solutions. We are a team with expertise in designing, building, operating, scaling and monitoring highly transactional Internet services used by thousands of companies and impacting the experience of millions of users. Catchpoint is funded by top-tier venture capital firm, Battery Ventures, which has invested in category leaders such as Akamai, Omniture (Adobe Systems), Optimizely, Tealium, BazaarVoice, Marketo and many more.