5 Things Credit Unions Can Learn from Cyber Attacks

Distributed denial-of-service (DDoS) attacks are sophisticated cyber-attacks where criminals attempt to disrupt a machine or network’s online services by overwhelming it with high-volume traffic.

The goal of DDoS attacks

There is a number of reasons why cyber criminals would want to use a DDoS attack, ranging from so-called “hacktivism” — a term given to activism through the medium of hacking — to ransomware, stealing customer data, holding online properties for ransom, and even hiding fraud. The National Credit Union Association (NCUA) reports a wave of DDoS attacks last year that nearly overwhelmed Automated Clearing House systems was actually related to what appears to be an internet conspiracy.

According to the NCUA, “These attacks on the payments system are part of a concerted fraud scheme based on conspiracy theories found on social media and member-only blogs and chat rooms across the internet. Although these theories are easily refutable, it is important to know their basic premise: Several groups or individuals believe there is property or money being held in a trust that was set up at birth for every citizen by the U.S. government. All the supposed owner needs to do to access these funds through the payments system is to use the Federal Reserve Systems’ routing numbers and the owner’s social security number as the account number.”                                                                               

To make the situation worse, instructions for carrying out this fraud have been widely posted on social media and video-sharing platforms, enabling even amateur cyber criminals to commit DDoS attacks. For credit unions, DDoS attacks are dangerous distractions that can damage member trust and the credit union’s reputation.

What can credit unions learn from previous attacks?

Here’s what credit unions can take away from previous DDoS attacks:

1. Attackers like going after those who are vulnerable, so don’t be vulnerable. Make your credit union look like a harder target, which will discourage all but the most dedicated attackers.
2. Multi-vector DDoS attacks have remained the top threat. Internet security firm Verisign reports that 58 percent of DDoS attacks have at least two attack types. Polymorphic attacks, or attacks that change over time, can present a serious threat to even the well prepared.
3. Spread out your internet infrastructure. Having all your eggs in one basket means a predator could more easily snatch all of them, so make sure to build in redundancy.
4. Don’t rely on just one mitigation service or firewall. Having layered defenses could mean the difference between being protected or being breached.
5. Even the best written plan or mitigation strategy isn’t complete without testing. A proper DDoS simulation, like a fire drill, can help a credit union confirm if their preparations are up to par.

Learning from past attacks means being better prepared in the future to halt attacks and recover faster.