AUSTIN, Texas University (of Texas) FCU, which was hit by three different distributed denial of service attacks this winter and spring, successfully blocked the third attack using Prolexic’s DDoS mitigation services, called PLXproxy solution.
The $1.6 billion credit union’s online banking site was taken down in a Jan. 24 DDoS attack, then again on Feb. 25. After implementing Prolexic’se PLXproxy DDoS mitigation service, the credit union blocked a third DDoS attack on March 7.
"The March 7 attack had zero impact on our site thanks to DDoS protection by Prolexic," said Glen Roberts, infrastructure and security manager at University FCU. " The Prolexic mitigation service kicked in quickly, so there wasn't even a blip on our radar. You could tell that Prolexic was scrubbing that traffic out.”
On January 24 of this year, DDoS attackers targeted the firm's online banking URL and IP address and took down the website for 2 hours and 36 minutes. The attack peaked at 5.4 Gbps and lasted approximately two days before being mitigated by UFCU's in-house IT resources and the credit union's internet service provider. During the site downtime, UFCU members could not access online banking, apply for auto loans or download documents, thereby totally disrupting the credit union's services.
The credit union experienced a second DDoS attack on February 25, during which the online banking site was down for 4 hours and 6 minutes. Traffic peaked at 10.1 Gbps in a more sophisticated, randomized attack. The attackers' strategy employed a toolkit to flood servers with repeated PDF requests and later switch to a new attack signature that targeted University Federal’s external DNS over port 53. The attack was mitigated approximately two days later with assistance from the credit union Internet service provider.
The online banking site did not go down in the third DDoS attack and neither it's IT team nor credit union members realized that a DDoS attack had even taken place due to the effective DDoS mitigation techniques employed.
"Each company has its own incident response plan, but I think that every company should also have a DDoS-specific response plan, as well," said University Federal’s Roberts. "After UFCU's experience with DDoS attacks, I would encourage any credit union over $500 million in assets to seriously consider purchasing DDoS mitigation services."
