Safeguarding Credit Unions: Recent Cyber Attacks in the USA and Cybersecurity Best Practices (2024)

In recent years, credit unions in the United States have become increasingly susceptible to cyber- attacks, emphasizing the urgent need for robust cybersecurity measures. These financial institutions, known for their community-focused approach, face the daunting challenge of protecting sensitive member information from the evolving threat landscape. This article delves into recent cyber- attacks on credit unions in the USA and proposes cybersecurity best practices to fortify their defenses.

Recent Cyber Attacks on Credit Unions:

In the past year, credit unions across the nation have fallen victim to a variety of cyber- attacks, ranging from ransomware incidents to data breaches. These attacks exploit vulnerabilities in digital infrastructures, putting member data and financial systems at risk. In some cases, threat actors have targeted credit unions for their perceived weaker security postures compared to larger financial institutions.

In a recent cyber-attack, over 60 credit unions across the United States have been taken offline following a ransomware attack at one of their technology providers - demonstrating once again the damage that can be caused by asupply-chain-attack.

There are a few moving parts here, so here’s a quick summary:

Trellance- A provider of solutions and services used by credit unions, and the parent company of FedComp.

FedComp- a provider of software and services that enable credit unions to operate around the world.

Ongoing Operations- a unit of Trellance, which specialises in disaster recovery and business recovery, providing cloud services to credit unions to ensure that their business activities "operate without interruption, even when nothing else seems to be going well."

National Credit Union Administration (NCUA) spokesperson Joseph Adamolisaidthat several credit unions were informed at the start of this month by Ongoing Operations that it had been hit by a ransomware attack.

In an update on its website, Ongoing Operationsdescribeshow it experienced the "isolated cybersecurity incident" on November 26, 2023, and "took immediate action to address and investigate."

Ongoing Operations also brought in third-party specialists to assist in the investigation, informed federal law enforcement, and notified impacted customers.

Of course, Ongoing Operations is in the supply chain (via Trellance and FedComp) to scores of credit unions, which raises understandable concerns that not only are the operations of credit unions being impacted by the attack but also that sensitive information may have been accessed by malicious hackers.

Ongoing Operations says that currently, it has "no evidence of any misuse of information" and that it is still conducting a review to ascertain what data may have been impacted and to whom the information belonged.

It's important to underline that it was not the credit unions themselves that fell victim to a ransomware attack. This was a supply-chain attack targeted at a company that provides services to many credit unions.

When a supply chain suffers a cybersecurity breach as powerful as a ransomware attack, the impact can cascade downwards, impacting many more companies that share the same common provider and - as a consequence - many more customers.

In this particular case, security researchers haveclaimedthat the attack was executed via exploitation of theCitrixBleed vulnerability(also known as CVE-2023-4966) on an unpatched Cisco NetScaler device.

The National Credit Union Administration (NCUA) says that in the wake of the cyber- attack, it is coordinating with affected credit unions.

What to do immediately if you are one of the affected credit union or have worked with one of them?

  1. Kill or invalidate all existing user sessions.
  2. In parallel, please contact Rainbow Secure Team to configure user friendly and strong #MFA separately for sensitive applications including your email platform that were not enabled with MFA or was not completely deployed across entire user base and / or where you solely relied on Citrix for your authentication security.

#Cyberdefense #RainbowSecureStopsCyberAttacks

Going forward: Best Cybersecurity practices for credit unions

Enhancing cybersecurity measures is crucial for credit unions to safeguard sensitive member information and maintain the trust of their customers. Here are some cybersecurity good practices tailored for credit unions:

  1. Employee Training and Awareness:Regularly train employees on cybersecurity best practices, including identifying phishing attempts and practicing good password hygiene.Foster a culture of cybersecurity awareness throughout the organization.
  2. Multi-Factor Authentication (MFA):Implement multi-factor authentication for accessing sensitive systems and databases. MFA adds an extra layer of protection by requiring additional verification beyond passwords.
  3. Regular Security Audits:Conduct regular security audits and assessments to identify vulnerabilities in networks, systems, and applications. Address and remediate any weaknesses promptly to reduce the risk of exploitation.
  4. Data Encryption:Encrypt sensitive member data both in transit and at rest.Use strong encryption protocols to protect information from unauthorized access.
  5. Incident Response Plan: Develop and regularly update an incident response plan outlining the steps to be taken in the event of a cybersecurity incident. Ensure that all staff members are familiar with the plan and conduct regular drills.
  6. Vendor Risk Management:Assess and manage the cybersecurity risk associated with third-party vendors.Ensure that vendors adhere to robust security practices and comply with industry regulations.
  7. Continuous Monitoring: Implement continuous monitoring systems to detect and respond to anomalous activities in real-time.Utilize advanced analytics and artificial intelligence for early threat detection.
  8. Secure Software Development Practices:Implement secure coding practices in software development to minimize the risk of vulnerabilities.Regularly update and patch software to address known security issues.
  9. Employee Background Checks:Conduct thorough background checks on employees, especially those with access to sensitive financial and member data.Monitor employee activities for any unusual behavior that may indicate insider threats.
  10. Regulatory Compliance:Stay compliant with relevant cybersecurity regulations and standards. Regularly review and update policies and procedures to align with changing regulatory requirements.
  11. Member Education:Educate credit union members about cybersecurity best practices, including the importance of strong passwords and recognizing phishing attempts.Provide resources and tips for members to protect their personal information.
  12. Regular Security Updates:Keep all systems, applications, and software up-to-date with the latest security patches.Regularly update antivirus and anti-malware software to defend against evolving threats.
  13. Security Awareness Programs:Conduct regular security awareness programs for both employees and members.Share information about current cybersecurity threats and how to stay protected.
  14. Collaboration with Industry Peers:Collaborate with other credit unions and financial institutions to share threat intelligence.Participate in industry forums and stay informed about emerging threats and attack vectors.
  15. Cybersecurity Insurance:Consider obtaining cybersecurity insurance to mitigate financial risks associated with data breaches and cyber attacks.

Implementing a comprehensive cybersecurity strategy is essential for credit unions to protect their assets and the sensitive information of their members. Regular training, proactive monitoring, and collaboration with industry partners can significantly enhance the cybersecurity posture of credit unions.

In the face of escalating cyber threats, credit unions must prioritize cybersecurity to safeguard their members' trust and financial well-being. By implementing these best practices, credit unions can fortify their defenses and create resilient systems that withstand the evolving nature of cyber-attacks. Vigilance, collaboration, and a commitment to continuous improvement are paramount in the ongoing battle against cyber threats.

Rainbow Secure plays a pivotal role in fortifying your business against cyber threats. In an era where digital security is no longer optional but a necessity, Rainbow Secure stands as a guardian, offering robust, user-friendly, and compliant security solutions.

Enhanced Security Rainbow Secure's multi-dimensional approach to security, incorporating unique color and style-based authentication, has redefined the meaning of 'secure login'. By protecting against threats like keyloggers, brute force, and phishing attacks, we ensure that critical infrastructure sector can operate in the digital realm with confidence and peace of mind.

Simplified User Experience Understanding that complexity is the enemy of security, Rainbow Secure has revolutionized the user experience. Our intuitive and customizable login process not only enhances security but also fosters user engagement and compliance. This ease of use is critical in ensuring that security measures are consistently and effectively implemented across organizations.

Compliance and Regulation In today's regulatory landscape, compliance is not just about checking boxes. It's about protecting reputations, building trust, and ensuring long-term sustainability. Rainbow Secure helps critical infrastructure sector navigate this complex terrain, adhering to stringent standards like GDPR, HIPAA, and NIST, among others. Our commitment to compliance is a testament to our dedication to not just meeting, but exceeding, the highest standards of data protection and privacy.

How can Rainbow Secure help?

Right amount of data and system access to right person or role at right time is the key to organizations being able to use digital tools and platforms to serve the customer base and stay compliant.

Next Generation Rainbow Secure platform is a modern identity authentication (MFA) and single sign- on (SSO) solution for your business across on-premises and cloud environments. It's backed by an experienced team of cloud and security experts, years of innovation, and partnerships with leading cloud platforms. Rainbow Secure is a Leader in Smart and Secure Digital Solutions that work for you.

Insider Threats: Rainbow Secure assists in mitigating insider threats by implementing access controls, user monitoring, and privilege management solutions. Also, if the user leaves behind unlocked devices, saved passwords in the password manager or browser can be misused by malicious insiders. Interactive login security from Rainbow Secure helps prevents unauthorized access and protects against data theft or misuse by privileged users.

ChatGPT Security for business: Secure your ChatGPT login and Data with Rainbow Secure MFA Plugin.

Secure AI Integration: Consult Rainbow Secure Team to integrate AI in your business workflows powered by Azure and Rainbow Secure API.

Secure Workforce & Customer login: Use Authentication Plug-in by Rainbow Secure to secure workforce and customer logins. In this plug-in, you get a multi-dimensional password, passwordless login solutions with AI monitoring, Risk Analytics, and location fencing.

IoT Friendly Security: IoT platform developers can secure their cloud endpoints, and user logins (both admin and customer) against unauthorized access and scripted malware attacks using easy to adapt and support multi-layer interactive rainbow secure authentication solutions and services that includes but not limited to security assessment, API Security, secure user onboarding, and risk analytics.

Secure Data and its Backups We provide Cloud based data vault and data archive solutions backed by Microsoft Azure and secured by our authentication plugin and industry best practices to give you ransomware protection, help with data governance and disaster mitigation.

Database Security We provide technical consulting services to Secure Databases in cloud and on premise. You get best protection for your data in databases using native and third-party security tools.

Meet Compliance Requirements: Use Authentication Plug-in by Rainbow Secure with your business application and in SSO (Single Sign-on) and meet industry standards and compliance regulations such as NIST, ISO, FTC, SOX, SOC2, CMMC, CMMI, HIPAA, PCI, and others.

Securely communicate and Collaborate: Use Secure Business Email by Rainbow Secure and get protection against account takeover, phishing, ransomware, and automated login cyber frauds. In this email, you get options to send encrypted emails, single sign-on with Office 365, and Google, and 1 TB one drive storage.

Connect Business applications: Get one unified login using Rainbow Secure Single Sign-On

Manage User Onboarding / Offboarding using Rainbow Secure IAM

Verify User using Smart Multi-factor MFA. Smart Multi-Factor Authentication from Rainbow Secure which adjusts to your use case, reduces the cyber liabilities of a business from stolen credentials and improves productivity, and enhances user experience.

Do you have more questions about how Rainbow Secure’s innovative solutions help to enhance your security posture and safeguard your business from cyber threats and attacks? Contact us today. Email us at Hello@rainbowsecure.com

Safeguarding Credit Unions: Recent Cyber Attacks in the USA and Cybersecurity Best Practices (2024)

FAQs

Safeguarding Credit Unions: Recent Cyber Attacks in the USA and Cybersecurity Best Practices? ›

Regularly update antivirus and anti-malware software to defend against evolving threats. Security Awareness Programs: Conduct regular security awareness programs for both employees and members. Share information about current cybersecurity threats and how to stay protected.

What measures should be implemented to safeguard information systems and prevent cybersecurity threats? ›

Protect Your Organization From Cybersecurity Risks Today
  • Creating data backups and encrypting sensitive information.
  • Updating all security systems and software.
  • Conducting regular employee cybersecurity training.
  • Using strong and complex passwords.
  • Installing firewalls.
  • Reducing your attack surfaces.
Mar 5, 2024

What are the 5 best methods used for cyber security? ›

Essential cyber security measures
  • Use strong passwords. Strong passwords are vital to good online security. ...
  • Control access to data and systems. ...
  • Put up a firewall. ...
  • Use security software. ...
  • Update programs and systems regularly. ...
  • Monitor for intrusion. ...
  • Raise awareness.

Which credit unions are affected by ransomware attack? ›

The RansomHouse extortion group added Jefferson Credit Union to its list of victims in 2022 and Envision Credit Union announced a cyberattack last year involving the LockBit ransomware group. Ardent Credit Union also faced an incident in 2020.

What is the US doing to prevent cyber attacks? ›

Current tools include the National Cybersecurity Protection System, of which the EINSTEIN cyber intrusion detection system is a key component; the National Cybersecurity and Communications Integration Center, which serves as the nation's principal hub for organizing cyber response efforts; and a 2010 landmark agreement ...

What is the best way in safeguarding ourselves from cyber security attacks? ›

Here are 7 ways to shield yourself from cybersecurity threats:
  • Use multi-factor authentication. ...
  • Choose harder-to-guess passwords. ...
  • Don't log in to sensitive accounts using unsecured networks. ...
  • Freeze your credit. ...
  • Use credit cards with chips, not debit cards. ...
  • Get creative with the answers to your security questions.
Oct 25, 2023

What are effective safeguards against cyber crime? ›

By implementing effective measures to safeguard your business, such as strong passwords, regular software updates, and employee training on cybersecurity best practices, you can significantly reduce the risk of falling victim to cybercrime.

What are the 3 C's of cyber security? ›

The 3Cs of Best Security: Comprehensive, Consolidated, and Collaborative. Cybercriminals are constantly finding new ways to exploit governments, major corporations and small to medium sized businesses.

What are the 4 P's of cyber security? ›

Bringing People, Process, Policy and Partners together to build a cyber risk aware culture.

What are the four 4 cybersecurity protocols? ›

These security protocols, including encryption, authentication, intrusion detection, and firewall management, collectively contribute to a multi-layered defense against an array of cyber threats. Understanding and implementing a comprehensive list of security protocols is essential for safeguarding your digital assets.

Are credit unions safe during this banking crisis? ›

Credit unions are insured by the National Credit Union Administration (NCUA). Just like the FDIC insures up to $250,000 for individuals' accounts of a bank, the NCUA insures up to $250,000 for individuals' accounts of a credit union. Beyond that amount, the bank or credit union takes an uninsured risk.

Are credit unions safe from hackers? ›

Recent Cyber Attacks on Credit Unions:

These attacks exploit vulnerabilities in digital infrastructures, putting member data and financial systems at risk. In some cases, threat actors have targeted credit unions for their perceived weaker security postures compared to larger financial institutions.

What is a threat to credit unions? ›

Cyberattacks are one of the greatest threats financial institutions face. The average financial security breach costs approximately $5.97 million. For credit union cybersecurity, this means keeping up to date with the latest cyber solutions is critical to protecting member data and their good name.

What is the US cybersecurity strategy? ›

This strategy seeks to build and enhance collaboration around five pillars: (1) Defend Critical Infrastructure, (2) Disrupt and Dismantle Threat Actors, (3) Shape Market Forces to Drive Security and Resilience, (4) Invest in a Resilient Future, and (5) Forge International Partnerships to Pursue Shared Goals.

What is the biggest cyber threat to the US? ›

Top 10 Cybersecurity Threats:
  • Social Engineering.
  • Third-Party Exposure.
  • Configuration Mistakes.
  • Poor Cyber Hygiene.
  • Cloud Vulnerabilities.
  • Mobile Device Vulnerabilities.
  • Internet of Things.
  • Ransomware.
Jan 4, 2024

Does the US have a national cybersecurity strategy? ›

On March 2, 2023, President Biden released the National Cybersecurity Strategy, a guiding document that has set the course for how the Biden-Harris Administration drives policy and action to defend our increasingly digital world.

What are the two measures to safeguard against computer system threats? ›

Antivirus software, antispyware software, and firewalls are also important tools to thwart attacks on your device.
  • Keep up-to-date. ...
  • Antivirus software. ...
  • Antispyware software. ...
  • Firewalls. ...
  • Choose strong passwords. ...
  • Use stronger authentication. ...
  • Be careful what you click. ...
  • Shop safely.

What are the three main ways to prevent security threats? ›

How to Prevent Network Attacks
  • Install antivirus software. One of the first lines of defense against malware and other viruses is to install antivirus software on all devices connected to a network (Roach & Watts, 2021). ...
  • Create strong passwords. ...
  • Enforce security policies. ...
  • Use firewalls. ...
  • Monitor activity.

What are the 3 components we want to protect in cyber security? ›

By embracing the principles of confidentiality, integrity, and availability, you bolster resilience and instill confidence in the face of evolving cybersecurity challenges. Let's take a deeper look into each of these pillars and how they work together to create strong information security protocols.

Top Articles
Latest Posts
Recommended Articles
Article information

Author: Sen. Ignacio Ratke

Last Updated:

Views: 6103

Rating: 4.6 / 5 (76 voted)

Reviews: 83% of readers found this page helpful

Author information

Name: Sen. Ignacio Ratke

Birthday: 1999-05-27

Address: Apt. 171 8116 Bailey Via, Roberthaven, GA 58289

Phone: +2585395768220

Job: Lead Liaison

Hobby: Lockpicking, LARPing, Lego building, Lapidary, Macrame, Book restoration, Bodybuilding

Introduction: My name is Sen. Ignacio Ratke, I am a adventurous, zealous, outstanding, agreeable, precious, excited, gifted person who loves writing and wants to share my knowledge and understanding with you.