“We were down for about two hours,” said Steve Ewers, chief information officer and a vice president at the $1.5 billion Austin, Texas, institution.

In January, UFCU was also hit by a DDoS attack that knocked it offline for around two and one-half hours.

Patelco, the $3.8 billion Northern California credit union, on Wednesday acknowledged it too was knocked offline by DDoS and, like UFCU, it also suffered a January outage.

In all instances, the perpetrator is believed to be the so-called al-Qassam Cyber Fighters, generally thought to be associated with Iran, although that link has not been substantiated.

In the most recent UFCU attack – which occurred a day before UFCU was scheduled to present details of its January DDoS attack at the NAFCU Technology Conference in Austin, said Ewers – the attackers used “a more sophisticated, more powerful attack than we saw in January,” according to Ewers.

In this attack, the attackers “tried to pull down a PDF from our site,” generating multiple accesses and huge volumes of traffic. When UFCU detected that and changed the file name, “the attackers reacted very quickly and went after the new file name,” said Ewers.

He also said much of the attack volume was generated via zombie servers and data centers that created dramatically more volume than do the typical botnets of hijacked personal computers.

Ewers stressed that in neither case was member data compromised and that there was no fraud committed in association with the DDoS.

Ewers added that, as might be expected, attendee interest in hearing about UFCU and DDoS at the NAFCU event was extraordinarily high. “The crowd was very engaged, very involved,” said Ewers.

Ewers indicated that, looking ahead, UFCU has good confidence about its ability to handle future DDoS attacks. He elaborated that UFCU, after the most recent outage, had concluded an agreement with a third-party DDoS mitigation provider.

“We in fact were in negotiation with them when we suffered the second attack.” He declined to identify who UFCU had retained.

As with Patelco, “our mobile banking never went down. Members who attempted to access us that way got in,” said Ewers.

Ewers added that, with a new mitigation provider in place, UFCU believes it is taking all the right steps in terms of fighting back against DDoS.

He stressed, “We can't say we will be 100% effective because we don't know what attack is coming next. But we are taking the steps to ensure member access to our services.”

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.