Over the last two years, the number of online attacks targeting the customers of financial institutions has more than tripled. Fraud schemes have become so pervasive that most credit unions have to assume their member data will soon be targeted by criminals through various online attack vectors. With the recognition that attacks are imminent and ongoing, one of the most important steps a credit union can take is to make sure its around-the-clock incident response plans are up-to-date.
Phishers are becoming savvier in the timing of their threats. In today's dynamic, always-on environment, cyber criminals continue to look for vulnerabilities in an organization's security plans to exploit susceptible customers. Increasingly, phishers have moved to targeting organizations on long weekends and holidays.
We saw a significant spike in phishing attacks over Thanksgiving weekend, with more than a 300% jump in attacks compared to the average number of phishing attacks seen in the previous week. This spike highlights a one-day tactic often used by phishers to target small credit unions on long holiday weekends when these institutions often do not have the always-on security teams in place to respond to and eliminate threats. By targeting these small credit unions, phishers are more likely to successfully evade detection and prolong the eventual takedown of their fraudulent Web sites.
The rapidly changing nature of online attacks can quickly render obsolete response plans put in place just a year ago. In addition to attacks that capitalize on smaller credit unions and businesses, which may not have around-the-clock security teams in place, the growing number of Internet threats that target credit unions from distant regions of the world is becoming a concern for many small and local organizations. Attacks emanating from Eastern Europe and Asia typically require more time, different relationships, and often new language skills in order to eliminate fraudulent sites and other online activity.
For example, the number of blended online attacks that leverage financial brands to distribute malware has more than doubled from the beginning of 2007. And of these malware attacks, more than 70% of the malicious downloads are delivered by Web sites hosted by Internet Service Providers outside the United States. It's vital that security professionals have response plans in place to deal with attacks originating in these foreign nations.
As phishing attacks have recently evolved, so too have the requirements for taking down phishing sites. During 2007, phishing attacks became far more sophisticated, mostly due to the efforts of a largely unknown hacker group known as Rock Phish. This group is widely believed to be responsible for more than 50% of recent phishing attacks.
Perhaps more importantly, Rock Phish appears to be one of the pioneers of “fast flux,” a new technique used in phishing attacks. Fast flux is an approach that assigns multiple IP addresses to a single domain name associated with a phishing site. This allows phishers to quickly switch from one IP address to another, making it very difficult to shut down the phishing site, especially when they are taking advantage of the off-peak hours for most small security teams.
The increasing use of Fast Flux means incident response plans need updating. For attacks using the Fast Flux technique, getting a phishing site taken down is no longer as straightforward as contacting the hosting ISP. Instead, security professionals must contact the domain name registrar, which means a different set of contacts and a process that can take longer to complete.
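A sketch of how a response team might triage a reported phishing domain for fast flux before choosing the takedown contact described above. It is an added illustration, not part of the original article; the thresholds, the sample DNS observations and the function names are assumptions constructed for the example.

```python
from collections import defaultdict
from ipaddress import IPv4Address

# Illustrative thresholds (assumptions, tune against your own DNS data).
WINDOW = 3600   # only count answers seen within this many seconds of the newest one
MIN_IPS = 4     # distinct A-record addresses
MIN_NETS = 3    # distinct /16 networks those addresses fall in
MAX_TTL = 300   # fast-flux records are served with short TTLs

# Constructed observations: (domain, unix time, A-record IP, TTL seconds).
# Reserved .example names and documentation/private addresses; not real data.
OBSERVATIONS = [
    ("login-cu.example", 0, "192.0.2.10", 180),
    ("login-cu.example", 200, "198.51.100.7", 180),
    ("login-cu.example", 400, "203.0.113.45", 180),
    ("login-cu.example", 600, "10.20.3.9", 180),
    ("login-cu.example", 800, "172.16.8.2", 180),
    ("static-phish.example", 0, "192.0.2.77", 86400),
    ("static-phish.example", 3600, "192.0.2.77", 86400),
]

def summarize(observations, window=WINDOW):
    """Per domain: distinct IPs, distinct /16s and lowest TTL in the recent window."""
    by_domain = defaultdict(list)
    for domain, ts, ip, ttl in observations:
        # IPv4Address raises ValueError on malformed input instead of guessing.
        by_domain[domain.lower().rstrip(".")].append((ts, IPv4Address(ip), ttl))
    stats = {}
    for domain, rows in by_domain.items():
        newest = max(ts for ts, _, _ in rows)
        recent = [r for r in rows if newest - r[0] <= window]
        stats[domain] = {
            "ips": {ip for _, ip, _ in recent},
            "nets": {int(ip) >> 16 for _, ip, _ in recent},
            "min_ttl": min(ttl for _, _, ttl in recent),
        }
    return stats

def looks_fast_flux(s):
    """Many addresses, spread over unrelated networks, rotating on a short TTL."""
    return (len(s["ips"]) >= MIN_IPS and len(s["nets"]) >= MIN_NETS
            and s["min_ttl"] <= MAX_TTL)

def takedown_contact(observations):
    """First contact for each domain: registrar for fast flux, else the hosting ISP."""
    return {d: "registrar" if looks_fast_flux(s) else "hosting ISP"
            for d, s in summarize(observations).items()}
```

The window matters: a domain that changed hosts a few times over several days is not fast flux, so only answers close in time to the newest observation are counted.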
While online attacks are changing rapidly, the public and private sectors are doing a better job of exchanging information and collaborating to combat fraud. As you update or create your online incident response plan, make sure to consider the following in your efforts:
- If you haven't already, provide an easy way for your members to report potential online fraud to you. The earlier you detect an issue, the faster it can be resolved.
- Know how you will respond to new attacks once discovered. Who is responsible in your organization? What internal or external resources are there to support the response team?
- How will you communicate new problems to customers? Should the media contact you about an attack, know how you will respond.
- Broaden your relationships to include US-CERT, the Secret Service, etc.
- Know how you'll work with registrars in the event you are faced with a fast flux-based attack.
- Consider using an outsourced service provider for threat detection and takedown.
It is important to keep in mind that even the most astute customers of well-known brands can be deceived into sharing valuable personal information through these more complex and sophisticated phishing schemes. To address these threats you need an around-the-clock, intelligence-led approach to security — one that can identify risks early for effective prevention and mitigation. Make sure your security team, whether internal or outsourced, has the necessary intelligence and resources to quickly identify, shut down and recover from online scams that mislead your members through fraudulent use of your corporate identity.