Reactions to the planned May 7th DDoS attacks that may be aimed at financial institutions continue to swirl.
It was CUNA that on Friday raised the alarm with a website posting announcing the May 7th attacks – supposedly in the works via OpUSA, an arm of the hacker group Anonymous.
The big question for credit unions now is what to do, to prepare for this possible attac
Also Read:
- Was May 7 Only a Test?
- May 8: Attacks But No Time to Let Guard Down
- Mixed Views in LinkedIn Poll on May 7 Warning
- No Takedowns Reported Tuesday
- Anonymous May 7 Target List Includes CUs
- Krebs: DHS Memo Says 'More Bark Than Bite'
- Threat of the Week: May 7, Ready or Not
- CO-OP Issues DDoS White Paper
- CUNA Explains Thinking Behind Warning
- DDoS Attacks Often Fraud Diversions
- Mark Your Calendar (or Not) for May 7 Attacks
- CUNA Issues May 7 DDoS Warning
At CUNA Mutual in Wisconsin, senior consultant, risk management, Ken Otsuka said Tuesday in an interview, “credit unions have to take DDoS seriously. They are at risk.”
The seriousness of the DDoS threat was underlined by CUNA Mutual's release of a risk alert on April 24 that underlined the belief that every credit union, regardless of size, needs to work up a DDoS mitigation strategy.
Otsuka stressed however that in most cases, little could in fact be done to protect an institution before the May 7 date.
He also stressed that to his mind the key is to make sure the online banking and member account channels are well protected.
Said Otsuka, “Most credit unions don't have the budget to use a third-party DDoS mitigation provider. They will need to work with their ISP or their web host to see what mitigation they can provide.”
Not everybody is happy about this focus on a possible May 7 DDoS avalanche, however.
A vice president of IT at a Pennsylvania credit union complained that the reporting on May 7 has essentially been fear mongering.
“There is not much a credit union on its own can do,” he said. He also said that because of the CUNA warning he was forced to prepare a report to his board of directors explaining DDoS and how to mitigate it.
“This is wasting my time,” he stressed.
Tom Cross, director of security research at Lancope, an Internet network traffic and security firm, stressed, “It's important not to overreact. I don't think the threats were aimed at credit unions in particular.”
He added, “The reality is that there is a constant threat of DDoS attacks if you are running a public facing website. You need to prepare for this. But it's not possible to develop and implement a plan in a week or two.”
Said Cross about a possible May 7th DDoS blitzkrieg. “It's an occasion to take a deep breath and take a long-term view. I don't think people need to scramble to prepare for May 7.”
At least two credit unions – Patelco CU in California and University FCU in Texas – were hit in recent distributed denial of service attacks in which floods of external communication requests overloaded servers and disrupted service.
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
