Credit Union Distributed Denial of Services – Mitigation Services – How do they Work?
If you work for a credit union or are concerned about a group of hackers targeting your company, you may be worried about Distributed Denial of Service Attacks. DDoS attacks against credit unions are an ongoing concern, and throughout the last decade, multiple attacks have taken down various credit union websites.
Denial of Service (DoS) attacks are nothing new, but these brute force attacks are still relevant, and they’re always getting stronger. The attacking system(s) do their best to flood or crash your systems through a very large amount of basic, typical tasks.
DDoS Mitigation for Credit Unions
If you heard all the buzz about DDoS attacks and began looking into mitigation solutions, that will act as a good primer for you. DDoS attacks have been pointed at everything from The Dog Whisperer’s website, to video game networks, to credit unions, and even to the US Government.
The extra “D” in front of “DoS” exponentially increases the effectiveness the disruptiveness of attacks. The extra “D” stands for “distributed,” which refers to the spread-out nature and quantity of attacking machines. Using networks of “slave machines” (usually malware-infected PCs) across the world, all of those individual clients are pointed at your website with the goal of gumming up your bandwidth and slowing or crashing your web servers via endless, pointless network traffic and requests.
Imagine DoS and DDoS attacks as if computers are people who are shouting at you. For DoS attacks, a person is shouting at you and messing up your concentration. With DDoS attacks, hundreds or thousands of people are shouting at the same time. It’s nearly impossible to keep up with all that!
DDoS Mitigation Tools for Credit Unions
In their simplest form, DDoS mitigation tools are remote network traffic filters. Some are activated by an IT professional on the client side when they see something unusual. Some automatically detect undesired traffic. Some services constantly filter all traffic to ensure nothing fishy is going on.
There are cost implications related to each of these different scenarios, but that doesn’t mean that one method is necessarily better than another. Each mitigation strategy does the same thing: prevent undesired traffic from hitting your network/servers.
There are two types of mitigation services:
Appliance-based and network-based.
With both types of services, the strategy is essentially the same: pool the request volume into a black hole while filtering out the good traffic from the bad. Both types are pretty expensive from the top providers (often $5–10k or more per month). Ultimately, what you need to look for is the capacity of the black hole.
DDoS Challenges for Credit Unions
Capacity: Most DDoS attacks generate 1–2 GB of traffic (and often more). The average credit union has only about 20–100 MB of capacity. Obviously, any solution must be able to consume and reroute 1–2 GB of traffic if it’s going to work.
Expertise: Quickly re-routing and separating good traffic from the bad requires senior level network engineers and a plan. It also requires testing and creativity. Most credit unions can’t afford to have the expertise sitting around just in case (although CISOaaS helps).
DDoS is a hot topic in the IT world, and we are going to continue discussing DDoS threats, solutions, best practices, and what CUs can do about it.
Would you like to see how Ongoing Operations can help your credit union mitigate a DDoS attack? Or how to mitigate a DoS attack? Follow the links below, or fill out our form for more information: