BALTIMORE Technology vendors across the country are taking steps to both caution client credit unions and reassure them regarding a rumored DDoS attack planned for May 7.
Several sources have urged credit unions to conduct a DDoS Preparedness Assessment to examine their options.
The threat follows what analysts say has been chatter online by people affiliated with the group Anonymous about such an attack, in which a financial institution’s website, servers or e-mail are flooded by an enormous volume of traffic, hence the name, Distributed Denial of Service. The primary purpose of warnings to credit unions with just about a week to go is to make them aware of the threat so they can monitor it and be prepared to respond, if need be. At least two credit unions, University FCU and Patelco, have been hit by DDoS attacks in the past.
Horsetail Technologies, for instance, said it views reports of the potential attack as “credible,” as it names a number of specific CUs. Horsetail noted a credit union whose core is accessed online rather than via a local server means a significant increase in DDoS risk.
Horsetail urged credit unions to:
* Understand and document what their Internet Service Provider is able to do at the provider level.
* Understand the limitations of the networking and information systems in their architecture, highlighting the “weakest links” in the network.
* Analyze the cost and benefits of increasing website capacity and resources.
* Ensure proper device configurations for the identification and mitigation of attacks.
* Document techniques for identifying the type and source of a DoS attack.
* Record detailed mitigation strategies for various types of attacks.
* Document a plan for public relations and communications that may need to occur.
