Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

DDoS Group Says More FI Attacks Are Planned
WASHINGTON D.C. (7/25/13)--A  group responsible for several distributed-denial-of-service (DDoS) attacks against financial institutions over the past year announced its plans for further attacks against financial institutions, in an online posting on July 23, according to 
Mike Smith, from Akamai Technologies, an online security provider, warns that with each new phase of the group's attack, it creates a new format that most targets are not expecting.  
Whether the attack focuses on a new target, a larger botnet,  or new technologies, the Izz ad-Din al-Qassam Cyber Fighters employ unforeseen tactics as a response to the heightened DDoS-mitigation strategies financial institutions have implemented.
Since the group's first DDoS campaign launched Sept. 18, each phase has lasted longer than the one before. There is no estimated time frame for how long the fourth phase of the attacks will last but it is projected to last longer than the eight weeks that phase three claimed, the article predicts.
"Financial institutions should continue to be aware of the ongoing DDoS threats, and follow regulations on Internet and data security, as well as Federal Financial Institutions Examination Council  guidance on Internet authentication," said Dennis Tsang, regulatory counsel for the Credit Union National Association. (See resource link for the guidance.)
CUNA also encourages credit unions to be aware of  the National Credit Union  Administration's Risk Alert (13-Risk-01), which identifies  appropriate policies and procedures in for guarding against DDoS attacks for credit unions.  (see the resource link.)

To mitigate effects from DDoS attacks, the NCUA recommends that credit unions:
  • Perform risk assessments to identify risks associated with DDoS attacks;
  • Ensure incident response programs include a DDoS attack scenario during testing and address activities before, during, and after such an attack; and
  • Perform ongoing third-party due diligence, in particular on Internet related providers, to identify risks and implement appropriate traffic management policies and controls.
For a more in-depth look at how credit unions can protect themselves, CUNA's Credit Union Magazine has featured an article, "Learn Strategies to Mitigate Cyberattacks,"  in its April issue (members only). 
Also, the CUNA Technology Council has posted a recording of its May webinar on "Mitigating and Responding to a Distributed Denial of Service (DDoS) Attack," which features speakers including CUNA BITS Task Force member Bill Podborny, chief security officer of Alliant CU.

For more information on DDoS, please visit the CUNA members-only webpage to access supplemental resources from BITS.               

News Now LiveWire
#DDoS attacks shorter, intense, more expensive: @VERISIGN
45 minutes ago
eCommerce sites at risk of hacking as well
1 hour ago
As of Friday pm,#CUs, state CU leagues, CUNA & others had sent 1,654 comment letters on the @TheNCUA 's #RBC2015 plan
1 hour ago
#DDoS attacks can expose weaknesses that cybercriminals can exploit.
2 hours ago
.@voxdotcom asks: is 2015 the year Congress takes action on patent trolls?
2 hours ago