CAMBRIDGE, Mass.—A new report from digital security firm Akamai reveals that the financial services industry is one of the most vulnerable to botnet cyberattacks, and credit unions are increasingly targeted because of their smaller size.
The report focuses on "credential stuffing attacks." Akamai describes these attacks as botnets attempting to access a target site in order to assume an identity, gather information, or steal money or goods by using lists of usernames and passwords obtained through data breaches. Between November 2017 and June 2018, Akamai said it tracked more than 30 billion malicious login attempts.
One credit union is included as a case study in the report as an example of a "low and slow" attack, where botnets can remain active and undetected for long periods of times. Akamai warns that these attacks are "part of an expanding ecosystem of attackers coming to your site every day, increasingly using methods that you can't detect without specialized tools."
Both CU trade groups have been active with lawmakers since the massive 2013 Target data breach stressing the need for a legislative solution to reform the nation's data security system. NAFCU noted, for instance, it has also shared with Congress principles credit unions would like to see addressed in any comprehensive cyber and data security legislation, and is currently monitoring a bill that would require data breach notifications for financial entities akin to what is in place for financial institutions under the Gramm-Leach-Bliley Act.