“We were down for about two hours,” said Steve Ewers, chiefinformation officer and a vice president at the $1.5 billionAustin, Texas, institution.
|In January, UFCU was also hit by a DDoS attack that knocked itoffline for around two and one-half hours.
|Patelco, the $3.8 billion Northern California credit union, onWednesday acknowledged it too was knocked offline by DDoS and, likeUFCU, it also suffered a January outage.
|In all instances, the perpetrator is believed to be theso-called al-Qassam Cyber Fighters, generally thought to be associatedwith Iran, although that link has not been substantiated.
|In the most recent UFCU attack – which occurred a day beforeUFCU was scheduled to present details of its January DDoS attack atthe NAFCU TechnologyConference in Austin, said Ewers – the attackers used “a moresophisticated, more powerful attack than we saw in January,”according to Ewers.
|In this attack, the attackers “tried to pull down a PDF from oursite,” generating multiple accesses and huge volumes of traffic.When UFCU detected that and changed the file name, “the attackersreacted very quickly and went after the new file name,” saidEwers.
|He also said much of the attack volume was generated via zombieservers and data centers that created dramatically more volume thando the typical botnets of hijacked personal computers.
|Ewers stressed that in neither case was member data compromisedand that there was no fraud committed in association with theDDoS.
|Ewers added that, as might be expected, attendee interest inhearing about UFCU and DDoS at the NAFCU event was extraordinarilyhigh. “The crowd was very engaged, very involved,” said Ewers.
|Ewers indicated that, looking ahead, UFCU has good confidenceabout its ability to handle future DDoS attacks. He elaborated thatUFCU, after the most recent outage, had concluded an agreement witha third-party DDoS mitigation provider.
|“We in fact were in negotiation with them when we suffered thesecond attack.” He declined to identify who UFCU had retained.
|As with Patelco, “our mobile banking never went down. Memberswho attempted to access us that way got in,” said Ewers.
|Ewers added that, with a new mitigation provider in place, UFCUbelieves it is taking all the right steps in terms of fighting backagainst DDoS.
|He stressed, “We can't say we will be 100% effective because wedon't know what attack is coming next. But we are taking the stepsto ensure member access to our services.”
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Critical CUTimes.com information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
- Exclusive discounts on ALM and CU Times events.
- Access to other award-winning ALM websites including Law.com and GlobeSt.com.
Already have an account? Sign In
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
