Blog

Safeguarding Credit Unions: Recent Cyber Attacks in the USA and Cybersecurity Best Practices

In recent years, credit unions in the United States have become increasingly susceptible to cyber- attacks, emphasizing the urgent need for robust cybersecurity measures. These financial institutions, known for their community-focused approach, face the daunting challenge of protecting sensitive member information from the evolving threat landscape. This article delves into recent cyber- attacks on credit unions in the USA and proposes cybersecurity best practices to fortify their defenses.

Recent Cyber Attacks on Credit Unions:

In the past year, credit unions across the nation have fallen victim to a variety of cyber- attacks, ranging from ransomware incidents to data breaches. These attacks exploit vulnerabilities in digital infrastructures, putting member data and financial systems at risk. In some cases, threat actors have targeted credit unions for their perceived weaker security postures compared to larger financial institutions.

In a recent cyber-attack, over 60 credit unions across the United States have been taken offline following a ransomware attack at one of their technology providers – demonstrating once again the damage that can be caused by a supply-chain-attack.

There are a few moving parts here, so here’s a quick summary:

Trellance – A provider of solutions and services used by credit unions, and the parent company of FedComp.

FedComp – a provider of software and services that enable credit unions to operate around the world.

Ongoing Operations – a unit of Trellance, which specialises in disaster recovery and business recovery, providing cloud services to credit unions to ensure that their business activities “operate without interruption, even when nothing else seems to be going well.”

National Credit Union Administration (NCUA) spokesperson Joseph Adamoli said that several credit unions were informed at the start of this month by Ongoing Operations that it had been hit by a ransomware attack.

In an update on its website, Ongoing Operations describes how it experienced the “isolated cybersecurity incident” on November 26, 2023, and “took immediate action to address and investigate.”

Ongoing Operations also brought in third-party specialists to assist in the investigation, informed federal law enforcement, and notified impacted customers.

Of course, Ongoing Operations is in the supply chain (via Trellance and FedComp) to scores of credit unions, which raises understandable concerns that not only are the operations of credit unions being impacted by the attack but also that sensitive information may have been accessed by malicious hackers.

Ongoing Operations says that currently, it has “no evidence of any misuse of information” and that it is still conducting a review to ascertain what data may have been impacted and to whom the information belonged.

It’s important to underline that it was not the credit unions themselves that fell victim to a ransomware attack. This was a supply-chain attack targeted at a company that provides services to many credit unions.

When a supply chain suffers a cybersecurity breach as powerful as a ransomware attack, the impact can cascade downwards, impacting many more companies that share the same common provider and – as a consequence – many more customers.

In this particular case, security researchers have claimed that the attack was executed via exploitation of the CitrixBleed vulnerability (also known as CVE-2023-4966) on an unpatched Cisco NetScaler device.

The National Credit Union Administration (NCUA) says that in the wake of the cyber- attack, it is coordinating with affected credit unions.

What to do immediately if you are one of the affected credit union or have worked with one of them?

1. Kill or invalidate all existing user sessions.
2. In parallel, please contact Rainbow Secure Team to configure user friendly and strong #MFA separately for sensitive applications including your email platform that were not enabled with MFA or was not completely deployed across entire user base and / or where you solely relied on Citrix for your authentication security.

#Cyberdefense #RainbowSecureStopsCyberAttacks

Going forward: Best Cybersecurity practices for credit unions

Enhancing cybersecurity measures is crucial for credit unions to safeguard sensitive member information and maintain the trust of their customers. Here are some cybersecurity good practices tailored for credit unions:

1. Employee Training and Awareness: Regularly train employees on cybersecurity best practices, including identifying phishing attempts and practicing good password hygiene. Foster a culture of cybersecurity awareness throughout the organization.
2. Multi-Factor Authentication (MFA): Implement multi-factor authentication for accessing sensitive systems and databases. MFA adds an extra layer of protection by requiring additional verification beyond passwords.
3. Regular Security Audits: Conduct regular security audits and assessments to identify vulnerabilities in networks, systems, and applications. Address and remediate any weaknesses promptly to reduce the risk of exploitation.
4. Data Encryption: Encrypt sensitive member data both in transit and at rest. Use strong encryption protocols to protect information from unauthorized access.
5. Incident Response Plan: Develop and regularly update an incident response plan outlining the steps to be taken in the event of a cybersecurity incident. Ensure that all staff members are familiar with the plan and conduct regular drills.
6. Vendor Risk Management: Assess and manage the cybersecurity risk associated with third-party vendors. Ensure that vendors adhere to robust security practices and comply with industry regulations.
7. Continuous Monitoring: Implement continuous monitoring systems to detect and respond to anomalous activities in real-time. Utilize advanced analytics and artificial intelligence for early threat detection.
8. Secure Software Development Practices: Implement secure coding practices in software development to minimize the risk of vulnerabilities. Regularly update and patch software to address known security issues.
9. Employee Background Checks: Conduct thorough background checks on employees, especially those with access to sensitive financial and member data. Monitor employee activities for any unusual behavior that may indicate insider threats.
10. Regulatory Compliance: Stay compliant with relevant cybersecurity regulations and standards. Regularly review and update policies and procedures to align with changing regulatory requirements.
11. Member Education: Educate credit union members about cybersecurity best practices, including the importance of strong passwords and recognizing phishing attempts. Provide resources and tips for members to protect their personal information.
12. Regular Security Updates: Keep all systems, applications, and software up-to-date with the latest security patches. Regularly update antivirus and anti-malware software to defend against evolving threats.
13. Security Awareness Programs: Conduct regular security awareness programs for both employees and members. Share information about current cybersecurity threats and how to stay protected.
14. Collaboration with Industry Peers: Collaborate with other credit unions and financial institutions to share threat intelligence. Participate in industry forums and stay informed about emerging threats and attack vectors.
15. Cybersecurity Insurance: Consider obtaining cybersecurity insurance to mitigate financial risks associated with data breaches and cyber attacks.

Implementing a comprehensive cybersecurity strategy is essential for credit unions to protect their assets and the sensitive information of their members. Regular training, proactive monitoring, and collaboration with industry partners can significantly enhance the cybersecurity posture of credit unions.

In the face of escalating cyber threats, credit unions must prioritize cybersecurity to safeguard their members’ trust and financial well-being. By implementing these best practices, credit unions can fortify their defenses and create resilient systems that withstand the evolving nature of cyber-attacks. Vigilance, collaboration, and a commitment to continuous improvement are paramount in the ongoing battle against cyber threats.

Rainbow Secure plays a pivotal role in fortifying your business against cyber threats. In an era where digital security is no longer optional but a necessity, Rainbow Secure stands as a guardian, offering robust, user-friendly, and compliant security solutions.

Enhanced Security Rainbow Secure’s multi-dimensional approach to security, incorporating unique color and style-based authentication, has redefined the meaning of ‘secure login’. By protecting against threats like keyloggers, brute force, and phishing attacks, we ensure that critical infrastructure sector can operate in the digital realm with confidence and peace of mind.

Simplified User Experience Understanding that complexity is the enemy of security, Rainbow Secure has revolutionized the user experience. Our intuitive and customizable login process not only enhances security but also fosters user engagement and compliance. This ease of use is critical in ensuring that security measures are consistently and effectively implemented across organizations.

Compliance and Regulation In today’s regulatory landscape, compliance is not just about checking boxes. It’s about protecting reputations, building trust, and ensuring long-term sustainability. Rainbow Secure helps critical infrastructure sector navigate this complex terrain, adhering to stringent standards like GDPR, HIPAA, and NIST, among others. Our commitment to compliance is a testament to our dedication to not just meeting, but exceeding, the highest standards of data protection and privacy.

How can Rainbow Secure help?

Right amount of data and system access to right person or role at right time is the key to organizations being able to use digital tools and platforms to serve the customer base and stay compliant.

Next Generation Rainbow Secure platform is a modern identity authentication (MFA) and single sign- on (SSO) solution for your business across on-premises and cloud environments. It’s backed by an experienced team of cloud and security experts, years of innovation, and partnerships with leading cloud platforms. Rainbow Secure is a Leader in Smart and Secure Digital Solutions that work for you.

Insider Threats: Rainbow Secure assists in mitigating insider threats by implementing access controls, user monitoring, and privilege management solutions. Also, if the user leaves behind unlocked devices, saved passwords in the password manager or browser can be misused by malicious insiders. Interactive login security from Rainbow Secure helps prevents unauthorized access and protects against data theft or misuse by privileged users.

ChatGPT Security for business: Secure your ChatGPT login and Data with Rainbow Secure MFA Plugin.

Secure AI Integration: Consult Rainbow Secure Team to integrate AI in your business workflows powered by Azure and Rainbow Secure API.

Secure Workforce & Customer login: Use Authentication Plug-in by Rainbow Secure to secure workforce and customer logins. In this plug-in, you get a multi-dimensional password, passwordless login solutions with AI monitoring, Risk Analytics, and location fencing.

IoT Friendly Security: IoT platform developers can secure their cloud endpoints, and user logins (both admin and customer) against unauthorized access and scripted malware attacks using easy to adapt and support multi-layer interactive rainbow secure authentication solutions and services that includes but not limited to security assessment, API Security, secure user onboarding, and risk analytics.

Secure Data and its Backups We provide Cloud based data vault and data archive solutions backed by Microsoft Azure and secured by our authentication plugin and industry best practices to give you ransomware protection, help with data governance and disaster mitigation.

Database Security We provide technical consulting services to Secure Databases in cloud and on premise. You get best protection for your data in databases using native and third-party security tools.

Meet Compliance Requirements: Use Authentication Plug-in by Rainbow Secure with your business application and in SSO (Single Sign-on) and meet industry standards and compliance regulations such as NIST, ISO, FTC, SOX, SOC2, CMMC, CMMI, HIPAA, PCI, and others.

Securely communicate and Collaborate: Use Secure Business Email by Rainbow Secure and get protection against account takeover, phishing, ransomware, and automated login cyber frauds. In this email, you get options to send encrypted emails, single sign-on with Office 365, and Google, and 1 TB one drive storage.

Connect Business applications: Get one unified login using Rainbow Secure Single Sign-On

Manage User Onboarding / Offboarding using Rainbow Secure IAM

Verify User using Smart Multi-factor MFA. Smart Multi-Factor Authentication from Rainbow Secure which adjusts to your use case, reduces the cyber liabilities of a business from stolen credentials and improves productivity, and enhances user experience.

Do you have more questions about how Rainbow Secure’s innovative solutions help to enhance your security posture and safeguard your business from cyber threats and attacks? Contact us today. Email us at Hello@rainbowsecure.com