What Is a DDoS Attack and Why Should Credit Unions Be Concerned?


What Is a DDoS Attack and Why Should Credit Unions Be Concerned?

Distributed denial-of-service (DDoS) attacks are sophisticated cyber-attacks where criminals attempt to disrupt a machine or network’s online services by overwhelming it with high-volume traffic. There are several types of DDoS attacks, including:

  • Application attacks: These attacks are intended to overwhelm specific operating systems or applications by keeping a large number of connections open.
  • Protocol attacks: These attacks are intended to interfere with networks by consuming server resources or overburdening firewalls and load balancers.
  • Volume attacks: As the name suggests, cyber criminals attempt to flood a network with traffic in hopes of overwhelming the victim, disabling their ability to handle regular network traffic.

What this means for credit unions

For credit unions, DDoS attacks are dangerous distractions that hide fraud, aid in the installment of malware and viruses, or open a breach to steal financial assets and member data. In some cases, criminals may seek to cripple a financial institution’s online properties for ransom. For the duration of the attack, online banking portals may be shut down, damaging member trust and the credit union’s reputation.

The future of DDoS attacks

DDoS attacks on financial institutions have been on the rise for the last several years. The volume of such attacks leveled off in late 2017 but also became increasingly effective at breaching existing defenses. According to Neustar Security, a cybersecurity firm, there was an uptick in successful breaches last year as cyber criminals began targeting vulnerable organizations with multiple assaults.

In addition, as attacks grow in complexity, it is taking longer on average to detect DDoS attacks, with 46 percent of all assaults remaining undetected for roughly three hours after the attack begins. A longer detection time also means a slower response time, and 43 percent of companies say they are not able to respond until at least three hours after an attack has occurred.

To avoid becoming a part of these statistics, credit unions should implement DDoS-specific protocols for cyber-attack prevention, detection and resolution. And because these attacks will continue to evolve, a credit union’s protocols should be evaluated and updated on a regular basis to retain their effectiveness and relevance.

« Return to "CUSG Blog Corner"