Mitigating the Risk of Distributed Denial-of-Service (DDoS) Attacks

4/24/14

Article - Excerpts

DDoS Attacks

Mitigating Risks

You may be interested in my Magazine Article:

Mitigating the Risk

Distributed Denial-of-Service (DDoS) Attacks

April 2014

National Mortgage Professional Magazine

Free Subscription to Clients and Subscribers.

On Tuesday, April 1, 2014, Ellie Mae's systems were compromised by a Distributed Denial-of-Service (DDoS) attack. Resources known to be affected were all Encompass services, including Encompass Docs Solution™, Electronic Document Management ("eFolder"), Encompass Product and Pricing Service™, Encompass Compliance Service™, and Ellie Mae Network Services.

Ellie Mae itself proactively published a Press Release on April 1st, announcing that "recent outages [that] have made Ellie Mae's Encompass services unavailable to users." And further stating that it "has detected unusually high demand for services consistent with an external malicious attack characteristic of a distributed denial of service (DDoS)."

As reported by Bloomberg at the time, the system failure "prevented some mortgages from closing." One client complained that "our business is at a standstill."

For our own clients, we sought to know how Ellie Mae was challenging this attack and also we monitored its status page.

This article provides guidance in mitigating the many risks associated with a DDoS attack.

I hope you enjoy the article!

Regards,

Jonathan Foxx

President and Managing Director

EXCERPT

Since 2012, there has been an increasing number of DDoS attacks launched against financial institutions by politically motivated groups, so says FFIEC. However, we also know that DDoS attacks have come from foreign country proxies, mafia-type criminals, and sundry other nefarious individuals and organizations hell bent on disrupting financial institutions. DDoS attacks serve as a diversionary tactic by criminals attempting to commit fraud using stolen customer or bank employee credentials to initiate fraudulent wire or automated clearinghouse transfers.

BACK

EXCERPT

There are actions a financial institution's management would be wise to take to mitigate the risks associated with DDoS attacks, given the company's size, complexity and risk profile. Any plan to mitigate such risks should include at least these six elements. ...

BACK

Lenders Compliance Group, Inc.

167 West Hudson Street - Suite 200

Long Beach, New York 11561

LENDERS COMPLIANCE GROUP is the first full-service, mortgage risk management firm in the United States specializing exclusively in outsourced mortgage compliance and offering a full suite of services in residential mortgage banking for banks and non-banks. We are pioneers in outsourcing solutions for residential mortgage compliance. We offer our clients real-world, practical solutions to mortgage compliance issues, with an emphasis focused on operational assessment and improvement, benchmarking methodologies, Best Practices, regulatory compliance, and mortgage risk management.

This newsletter is free to subscribers, clients, and colleagues, who also regularly receive our free Mortgage Compliance Updates, Publications Notices, and Commentaries.

Information contained in this email is not intended to be and is not a source of legal advice. The views expressed are those of the contributing author, as well as news services and websites linked hereto, and do not necessarily reflect the views or policies of Lenders Compliance Group, any governmental agency, business entity, organization, or institution. Lenders Compliance Group makes no representations concerning and does not guarantee the source, originality, accuracy, completeness, or reliability of any statement, information, data, finding, interpretation, advice, opinion, or view presented herein.

167 West Hudson Street - Suite 200 | Long Beach | New York | 11561 | (516) 442-3456