More than 60 credit unions across the United States have been shut down after one of their technology providers was hit by a ransomware attack, once again demonstrating the damage that supply chain attacks can cause.
There are some moving parts here, so here’s a quick summary:
Trey Lance – Provider of solutions and services used by credit unions and parent company of FedComp.
federal reserve board – A software and services provider that enables credit unions to do business around the world.
continuing operation – Trellance, a division of Trellance that specializes in disaster recovery and business recovery, provides cloud services to credit unions to ensure their business activities “run without interruption, even when everything else seems to be going poorly.”
National Credit Union Administration (NCUA) spokesman Joseph Adamoli told the media that earlier this month, several credit unions were notified by Ongoing Operations that they had been hit by a ransomware attack.
In an update to its website, Ongoing Operations described how it experienced an “isolated cybersecurity incident” on November 26, 2023, and “took immediate action to resolve and investigate.”
The Continuing Operations unit also hired third-party experts to assist with the investigation, notify federal law enforcement and notify affected customers.
Of course, ongoing operations are in the supply chain of dozens of credit unions (through Trellance and FedComp), which raises understandable concerns that not only are credit union operations affected by the attack, but that sensitive information may have been maliciously compromised. guest.
Ongoing Operations said there was currently “no evidence of any misuse” and that a review was ongoing to try to determine what data may have been affected and who the information belonged to.
Maggie Styles, CEO of the affected federal credit union Mountain Valley FCU (MVFCU), apologized for the disruption to her customers, emphasizing that the attack on Trellance affected more than just them:
This isn’t just an MVFCU problem, it’s a nationwide problem. Trellance and FedComp have been working around the clock to bring our systems back online along with other credit unions across the country experiencing the same issues.
In an update on December 4, MVCFU confirmed that its data processing system was still not operational and that it would “need more time to launch our online banking platform.”
Other affected credit unions include NY Bravest FCU and Secret Service FCU, which have posted important messages on their websites and apologized for the downtime:
It’s important to stress that it’s not the credit union itself that fell victim to the ransomware attack. This was a supply chain attack against a company that provides services to many credit unions.
When a supply chain suffers a cybersecurity breach as severe as a ransomware attack, the impact can cascade downward, affecting more companies sharing the same suppliers and thus more customers.
In this particular case, security researchers claim that the attack was carried out by exploiting the CitrixBleed vulnerability, also known as CVE-2023-4966, on unpatched Cisco NetScaler devices.
The National Credit Union Administration (NCUA) said it is coordinating with affected credit unions following the cyberattack.
Editor’s note: The opinions expressed in this guest author article are those of the contributor and do not necessarily reflect the views of Tripwire.