Patelco has confirmed that on Monday the large NorthernCalifornia credit union was down for “around two hours” in aDistributed Denial of Service (DDoS) attack which overwhelms a webhost with data, effectively knocking it out of commission.

Speaking in an informal interview at a CUNA GAC event onTuesday, Ken Burns, CEO of the $3.8 billion Pleasanton, Calif., corroboratedthe two-hour outage.

Burns indicated that the upside is that, in January, in a firstattack, the credit union was down for over five hours so the responses it implemented at that point hadbenefits.

But Burns also indicated he expected better and would bereviewing next steps with his internal IT staff and a third-partyDDoS mitigation contractor Patelco has retained. He declined toname the contractor.

Last week NCUA issued its first DDoS “risk alert,” advising credit unionson must do's in regard to this disruptive attack format.

The current Patelco attack appeared to be the work of the samehighly skilled group that perpetrated the first, theso-calledal-QassamCyber Fighters, generally thought to be associated with Iran,although that link has not been proven.

In the recent Patelco attack, only the member-facing website wasimpacted, said Burns. He elaborated that mobile banking, forinstance, still had normal functioning throughout the attack. He also stressed there was no indication of any frauds committed inassociation with the DDoS attack, which had been a warning in theNCUA alert.

Respected security blogger Brian Krebs last week reported on a $900,000 cyber theft at San Francisco-based Bankof the West that, reported Krebs, was committed in association witha DDoS attack. The DDoS appears to have been used to confuse anddistract bank IT security.

Burns stressed nothing of that kind had occurred at Patelco.