Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

Washington
DDoS Group Says More FI Attacks Are Planned
WASHINGTON D.C. (7/25/13)--A  group responsible for several distributed-denial-of-service (DDoS) attacks against financial institutions over the past year announced its plans for further attacks against financial institutions, in an online posting on July 23, according to BankInfoSecurity.com. 
 
Mike Smith, from Akamai Technologies, an online security provider, warns that with each new phase of the group's attack, it creates a new format that most targets are not expecting.  
 
Whether the attack focuses on a new target, a larger botnet,  or new technologies, the Izz ad-Din al-Qassam Cyber Fighters employ unforeseen tactics as a response to the heightened DDoS-mitigation strategies financial institutions have implemented.
 
Since the group's first DDoS campaign launched Sept. 18, each phase has lasted longer than the one before. There is no estimated time frame for how long the fourth phase of the attacks will last but it is projected to last longer than the eight weeks that phase three claimed, the article predicts.
 
"Financial institutions should continue to be aware of the ongoing DDoS threats, and follow regulations on Internet and data security, as well as Federal Financial Institutions Examination Council  guidance on Internet authentication," said Dennis Tsang, regulatory counsel for the Credit Union National Association. (See resource link for the guidance.)
 
CUNA also encourages credit unions to be aware of  the National Credit Union  Administration's Risk Alert (13-Risk-01), which identifies  appropriate policies and procedures in for guarding against DDoS attacks for credit unions.  (see the resource link.)

To mitigate effects from DDoS attacks, the NCUA recommends that credit unions:
  • Perform risk assessments to identify risks associated with DDoS attacks;
  • Ensure incident response programs include a DDoS attack scenario during testing and address activities before, during, and after such an attack; and
  • Perform ongoing third-party due diligence, in particular on Internet related providers, to identify risks and implement appropriate traffic management policies and controls.
For a more in-depth look at how credit unions can protect themselves, CUNA's Credit Union Magazine has featured an article, "Learn Strategies to Mitigate Cyberattacks,"  in its April issue (members only). 
 
Also, the CUNA Technology Council has posted a recording of its May webinar on "Mitigating and Responding to a Distributed Denial of Service (DDoS) Attack," which features speakers including CUNA BITS Task Force member Bill Podborny, chief security officer of Alliant CU.

For more information on DDoS, please visit the CUNA members-only webpage to access supplemental resources from BITS.               
 
RSS print
News Now LiveWire
.@CFPB today finalized changes 2 remittance rule, proposed in April. See rule here: http://t.co/tPs6Mlimni
2 hours ago
State OKs Floridacentral #creditunion's bank branch purchase #NewsNow http://t.co/37uXorWsmV
4 hours ago
Today is deadline to order your T-shirt for #MiracleJeansDay @CU4Kids @CMNHospitals http://t.co/UXIqW3cFN6
4 hours ago
#Creditunion #100MM on display with @NWCUA's Minickiello, Wash. Rep. Sharon Tomiko Santos at @NCSLorg @CUNAadvocacy http://t.co/xVwnS39uEM
5 hours ago
Fraudsters hit @jpmorgan with smash and grab #phishing campaign http://t.co/VEkAvctYLJ
5 hours ago