Distributed Denial of Service (DDoS)

Many Financial Institutions have experienced Distributed Denial of Service Attacks. Here is some information regarding the attacks.

What is a Distributed Denial of Service (DDoS) Attack?

A Distributed Denial of Service Attack is an attempt to make a website unavailable to its intended users. These attacks follow a common formula of flooding the website server with external communication requests so that it cannot respond to legitimate traffic, or it responds so slowly that it is rendered effectively unavailable.

How does a DDoS Attack occur?

A DDoS Attack is launched by a collection of networked computers which are referred to as a "botnet." Often compromised computers can be part of a botnet without the owner's knowledge. This can create further problems because the malicious traffic is coming from multiple IP addresses. The botnet is operated by a control server that tells the botnet when to send network traffic to the target website. With enough traffic, the target site is unable to process both the malicious traffic and the legitimate traffic.

Can a DDoS Attack be prevented?

No, an attack cannot be prevented, but Home Federal can work with our website vendor to help mitigate the effect of a DDoS attack. Tactics generally involve analyzing inbound traffic to try to isolate the malicious traffic. Once isolated, the malicious traffic can be diverted, and traffic volume can be reduced to a normal level.

Do DDoS Attacks involve data breaches?

No, a DDoS Attack by itself does not involve any sensitive information being taken. The attack only makes the website unavailable and inconveniences those trying to access it.

Are DDoS Attacks unique to the financial service industry?

No, DDoS Attacks are not unique to any particular service provider or any particular industry. During the first quarter of 2012, financial firms have seen a threefold increase in DDoS Attacks over last year.