MADISON, Wis. (4/26/13)--With the increasing prevalence of Distributed Denial of Service (DDoS) cyberattacks, the Credit Union National Association is alerting credit unions to "chatter" that has been detected about a potential widespread attack that could be planned for May 7.
"It is not possible to assess the veracity of the threat at this time, but it is important that credit unions be aware and prepared at all times. Also, some of the largest credit unions are included in a list of targets for the purported May attack so heightened awareness is warranted," said CUNA Vice President of Information Technology Tom Nohelty Thursday.
DDoS attacks are attempts to disrupt or suspend online service by saturating a target's network with external communication requests to overload its server.
If a credit union is subject to an attack, Nohelty explains, it will see a "very large spike" in Internet traffic to its website from one or more IP addresses and their website will become unresponsive. Proactive measures a credit union can take include:
Alerting its network team to actively monitor in-bound Internet traffic that day. The team should be prepared to block traffic from specific IP addresses in an effort to maintain their website's ability to respond to normal business requests;
Consider alerting members about the Internet threat for May 7 and asking members to execute critical online banking business on a different day or come into the credit union office;
Educating call center staff on the symptoms of a denial of service attack so they can better serve the members and notify their network teams if an attack is underway. The call center staff should be prepared with alternatives to serve the members.
The National Credit Union Administration stepped into Washington's cybersecurity discussions earlier this year and identified policies and procedures to guard against DDoS attacks in a new credit union risk alert (13-Risk-01). The alert notes that the sophistication of such attacks require the vigilance of credit unions offering Internet-based financial services. (See resource link to read NCUA tips on mitigating issues presented by DDoS attacks.)
Also of note, the CUNA Technology Council is offering a free May1 webinar entitled, "Mitigating and Responding to a Distributed Denial of Service Attack." Speakers Bill Podborny, chief security officer of Alliant CU in Chicago, and Glen Roberts, information security researcher of University FCU in Austin, Texas, will lead the session, which is scheduled for 1 p.m. (CT).