Internet Traffic Warns of Possible DDoS Attacks May 7

Internet chatter pointing to widespread Distributed Denial of Service (DDoS) attacks on May 7 has prompted a round of precautionary security alerts for credit unions. DDoS attacks attempt to disrupt online service by clogging the target’s network with communications that overload its server. U.S. banks and several credit unions experienced the inconvenience in a series of attacks last year, shutting out consumers attempting to use their online banking services. While the cyber attacks at this point have proven to be an unnerving nuisance, there has been no evidence money was stolen or transferred.

Internet chatter allegedly posted by the “hacktivist” group Anonymous now threatens to make May 7 a “day to remember” in America, in retaliation for so called war crimes in Iraq, Afghanistan and Pakistan.

The online posts prompted an advisory by the Credit Union National Association (CUNA).

“It is not possible to assess the veracity of the threat at this time, but it is important that credit unions be aware and prepared at all times,” noted Tom Nohelty, CUNA vice president of information technology. “Also, some of the largest credit unions are included in a list of targets for the purported May attack so heightened awareness is warranted,” he added.

Nohelty suggests proactive steps a credit union could take including:

  • Alerting its network team to actively monitor in-bound Internet traffic that day. The team should be prepared to block traffic from specific IP addresses in an effort to maintain their website’s ability to respond to normal business requests.
  • Consider alerting members about the Internet threat for May 7 and asking members to execute critical online banking business on a different day or come into the credit union office.
  • Educating call center staffs on the symptoms of a denial of service attack so they can better serve the members and notify their network teams if an attack is underway. The call center staff should be prepared with alternatives to serve the members.

David Curtis, Director of Compliance Services for the Northwest Credit Union Association (NWCUA), points to other key strategies for mitigating a DDoS attack:

  • Ensuring incident response programs include a DDoS attack scenario during testing and address activities before, during, and after an attack; and
  • Performing ongoing third-party due diligence, in particular on Internet and web-hosting service providers, to identify risks and implement appropriate traffic management policies and controls.

Curtis suggests credit union IT staff also review the risk alert 13-RISK-01 issued by the National Credit Union Administration (NCUA) earlier this year.

 

Questions? Contact Lynn Heider: 503.350.2225, lheider@nwcua.org.

Posted in Article Post.