Freely subscribe to our NEWSLETTER

“Credit unions need to have DDoS protection, especially in light of the huge impact to financial institutions during the Operation Ababil DDoS attacks last fall,” said Stuart Scholly, president at Prolexic. "Multiple attacks on UFCU and several other credit unions over the past few months is clear evidence that DDoS perpetrators are going after this financial sector with full force.”

Multiple DDoS Attacks

On January 24 of this year, DDoS attackers targeted the firm’s online banking URL and IP address and took down the website for 2 hours and 36 minutes. The attack peaked at 5.4 Gbps and lasted approximately two days before being mitigated by UFCU’s in-house IT resources and the credit union’s Internet Service Provider (ISP). During the site downtime, UFCU members could not access online banking, apply for auto loans or download documents, thereby totally disrupting the credit union’s services.

UFCU experienced a second DDoS attack on February 25, during which the online banking site was down for 4 hours and 6 minutes. Traffic peaked at 10.1 Gbps in a more sophisticated, randomized attack. The attackers’ strategy employed a toolkit to flood servers with repeated PDF requests and later switch to a new attack signature that targeted UFCU’s external DNS over port 53. The attack was mitigated approximately two days later with assistance from UFCU’s ISP.

Successful DDoS mitigation

After provisioning the PLXproxy DDoS mitigation service, Prolexic successfully mitigated a third DDoS attack against UFCU on March 7 of this year. The online banking site did not go down and neither UFCU’s IT team nor credit union members realized that a DDoS attack had even taken place due to the effective DDoS mitigation techniques employed.

“The March 7 attack had zero impact on our site thanks to DDoS protection by Prolexic,” said Glen Roberts, Infrastructure and Security Manager at UFCU. “The spike on the Prolexic Dashboard got up to just 575 Mbps, but our Internet pipe is only 50 Mbps, so that’s well over 10 times what we’re capable of handling. The Prolexic mitigation service kicked in quickly, so there wasn’t even a blip on our radar. You could tell that Prolexic was scrubbing that traffic out. That was a good win for us and Prolexic.”

Recommendations for DDoS preparedness

As the number of DDoS attacks against credit unions continues to rise, the National Credit Union Administration (NCUA) has responded by recommending three key DDoS preparation strategies for credit unions:

“Performing risk assessments to identify risks associated with DDoS attacks.
Ensuring incident response programs include a DDoS attack scenario during testing and address activities before, during, and after an attack.
Performing ongoing third-party due diligence, in particular on Internet and web-hosting service providers, to identify risks and implement appropriate traffic management policies and controls”[1]
Prolexic helped UFCU fulfill these recommendations by working with Roberts to create a DDoS run book. UFCU’s DDoS run book contains contact information for Prolexic, for the ISP, and for other credit unions that could possibly also be under DDoS attack. It also includes an architecture diagram of the UFCU network, as well as language to be used to communicate with credit union members when an attack occurs.

“Each company has its own incident response plan, but I think that every company should also have a DDoS-specific response plan, as well,” said Roberts. “After UFCU’s experience with DDoS attacks, I would encourage any credit union over US$500 million in assets to seriously consider purchasing DDoS mitigation services.”