Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

DDoS Group Says More FI Attacks Are Planned
WASHINGTON D.C. (7/25/13)--A  group responsible for several distributed-denial-of-service (DDoS) attacks against financial institutions over the past year announced its plans for further attacks against financial institutions, in an online posting on July 23, according to 
Mike Smith, from Akamai Technologies, an online security provider, warns that with each new phase of the group's attack, it creates a new format that most targets are not expecting.  
Whether the attack focuses on a new target, a larger botnet,  or new technologies, the Izz ad-Din al-Qassam Cyber Fighters employ unforeseen tactics as a response to the heightened DDoS-mitigation strategies financial institutions have implemented.
Since the group's first DDoS campaign launched Sept. 18, each phase has lasted longer than the one before. There is no estimated time frame for how long the fourth phase of the attacks will last but it is projected to last longer than the eight weeks that phase three claimed, the article predicts.
"Financial institutions should continue to be aware of the ongoing DDoS threats, and follow regulations on Internet and data security, as well as Federal Financial Institutions Examination Council  guidance on Internet authentication," said Dennis Tsang, regulatory counsel for the Credit Union National Association. (See resource link for the guidance.)
CUNA also encourages credit unions to be aware of  the National Credit Union  Administration's Risk Alert (13-Risk-01), which identifies  appropriate policies and procedures in for guarding against DDoS attacks for credit unions.  (see the resource link.)

To mitigate effects from DDoS attacks, the NCUA recommends that credit unions:
  • Perform risk assessments to identify risks associated with DDoS attacks;
  • Ensure incident response programs include a DDoS attack scenario during testing and address activities before, during, and after such an attack; and
  • Perform ongoing third-party due diligence, in particular on Internet related providers, to identify risks and implement appropriate traffic management policies and controls.
For a more in-depth look at how credit unions can protect themselves, CUNA's Credit Union Magazine has featured an article, "Learn Strategies to Mitigate Cyberattacks,"  in its April issue (members only). 
Also, the CUNA Technology Council has posted a recording of its May webinar on "Mitigating and Responding to a Distributed Denial of Service (DDoS) Attack," which features speakers including CUNA BITS Task Force member Bill Podborny, chief security officer of Alliant CU.

For more information on DDoS, please visit the CUNA members-only webpage to access supplemental resources from BITS.               
RSS print
News Now LiveWire
@AdamMertzCUNA @CUNACraig @AnnHPeterson @CUEscan @cumagazine
2 hours ago
.@TheNCUA :Low-income CUs can expand services to members, train staff,collaborate for efficiencies w/more than $1M in grants awarded 2day
12 hours ago
.@CUNA joins 11 other financial service orgs urging @SenateFloor to take up #CISA to strengthen cybersecurity information sharing
13 hours ago
.@RedwoodCU and its staff donated a combined $5,100 toward AIDS Walk San Francisco. The CU is a longtime sponsor of the event.
13 hours ago
See the latest from @CUNA's CompBlog on Customer Due Diligence.
14 hours ago