Reactions to the planned May 7th DDoS attacks that may be aimedat financial institutions continue to swirl.

It was CUNA that on Friday raised the alarm with a websiteposting announcing the May 7th attacks – supposedly in the worksvia OpUSA, an arm of the hacker group Anonymous.

The big question for credit unions now is what to do, to preparefor this possible attac

Also Read:

• Was May 7 Only a Test?
• May 8: Attacks But No Time to Let GuardDown
• Mixed Views in LinkedIn Poll on May 7Warning
• No Takedowns Reported Tuesday
• Anonymous May 7 Target List IncludesCUs
• Krebs: DHS Memo Says 'More Bark ThanBite'
• Threat of the Week: May 7, Ready orNot
• CO-OP Issues DDoS White Paper
• CUNA Explains Thinking BehindWarning
• DDoS Attacks Often Fraud Diversions
• Mark Your Calendar (or Not) for May 7Attacks
• CUNA Issues May 7 DDoS Warning

At CUNA Mutual in Wisconsin, senior consultant, risk management,Ken Otsuka said Tuesday in an interview, “credit unions have totake DDoS seriously. They are at risk.”

The seriousness of the DDoS threat was underlined by CUNAMutual's release of a risk alert on April 24 that underlined thebelief that every credit union, regardless of size, needs to workup a DDoS mitigation strategy.

Otsuka stressed however that in most cases, little could in factbe done to protect an institution before the May 7 date.

He also stressed that to his mind the key is to make sure theonline banking and member account channels are wellprotected.

Said Otsuka, “Most credit unions don't have the budget to use athird-party DDoS mitigation provider. They will need to workwith their ISP or their web host to see what mitigation they canprovide.”

Not everybody is happy about this focus on a possible May 7 DDoSavalanche, however.

A vice president of IT at a Pennsylvania credit union complainedthat the reporting on May 7 has essentially been fearmongering.

“There is not much a credit union on its own can do,” hesaid. He also said that because of the CUNA warning he wasforced to prepare a report to his board of directors explainingDDoS and how to mitigate it.

“This is wasting my time,” he stressed.

Tom Cross, director of security research at Lancope, an Internetnetwork traffic and security firm, stressed, “It's important not tooverreact. I don't think the threats were aimed at credit unions inparticular.”

He added, “The reality is that there is a constant threat ofDDoS attacks if you are running a public facing website. You needto prepare for this. But it's not possible to develop and implementa plan in a week or two.”

Said Cross about a possible May 7th DDoS blitzkrieg. “It's anoccasion to take a deep breath and take a long-term view. I don'tthink people need to scramble to prepare for May 7.”

At least two credit unions – Patelco CU in California and University FCU in Texas – were hitin recent distributed denial of service attacks in which floods ofexternal communication requests overloaded servers and disruptedservice.