MADISON, Wis. (1/23/13)--Two studies provide credit unions a measure of progress against cyberattacks such as commercial account takeovers and distributed denial of service (DDoS). On the good side, fewer cybercriminals succeeded at account takeovers in 2012. On the bad: DDoS attacks were more frequent and had more oomph.
Financial institutions became more successful at preventing account takeovers and reducing the likelihood that funds would leave a given account, said the fourth Commercial Account Takeover Survey from the Reston, Va.-based Financial Services-Information Sharing and Analysis Center (FS-ISAC), working with the American Bankers Association.
The data reflect financial institutions' evolving tactics to detect and prevent losses from these attacks. Among the findings:
- Cybercriminals made 2.11 attacks per 1,000 commercial customers in the first half of 2012, compared with 3.42 per 1,000 in 2011. About 65% did not involve monetary transactions, compared with 53% in 2011 and 6% in 2009.
- In 9% of attacks, funds left the institution, compared with 12% in 2011 and 70% in 2009. Of those, 76% were wire transfers, with 4% automated clearing house and 18% check writing or other. That compares with 96%, 4% and 0% respectively in 2011.
- Of fraudulent transfers from financial institutions, 82% were wire transfers with 14% ACH and 4% check writing and other. That compares with 91%, 9% and 0%, respectively in 2011.
- Thirty-nine percent of losses involved were wire transfers, 52% were ACH and 9% check writing/other.
The most effective tactics at reducing account takeover fraud, said FS-ISAC, were:
- Customer education;
- Temporary shutdown of affected online customers' access;
- Manual review of ACH/wire transactions above a certain dollar amount;
- Analysis of customer login characteristics/patterns; and
- Interrogation of customer sessions to detect anomalies.
In the second study, DDoS attacks increased 25% during fourth quarter 2012 against a global client base, said Hollywood, Fla.-based Prolexic Technologies. The volume was the highest number of attacks it has logged for a single quarter.
When the results were compared with third quarter 2012 results, the company also saw:
- A 17% increase in total number of infrastructure attacks and 72% rise in application attacks;
- A 67% increase in average attack duration--to 32.2 hours from 19.2 hours;
- A 20% increase in average attack bandwidth from 4.9 to 5.9 Gbps; and
- China remained as the top source country for these attacks.
When results were compared with those of fourth quarter 2011, the study found:
- A 19% hike in total DDoS attacks;
- A 15% increase in infrastructure attacks and 30% rise in application attacks;
- A 6% decline in average attack duration to 32.2 hours from 34;
- A 13% increase in average attack bandwidth to 5.9 from 5.2 Gbps.
"The takeaway for businesses from this Q4 report is to make sure that their DDoS mitigation provider can handle attacks of 50 Gbps in a single location," said Prolexic CEO Scott Hammack. "When attacks are this large, it's important that the provider can mitigate this volume of attack traffic in one place and distribute it effectively so it does not compromise intermediary transit providers and affect others," he added.