Over sixty credit unions across the United States have been taken offline following a ransomware attack at one of their technology providers – demonstrating once again the damage that can be caused by a supply-chain attack.
There are a few moving parts here, so here’s a quick summary:
Trellance – a provider of solutions and services used by credit unions, and the parent company of FedComp.
FedComp – a provider of software and services that enable credit unions to operate around the world.
Ongoing Operations – a unit of Trellance, which specialises in disaster recovery and business recovery, providing cloud services to credit unions to ensure that their business activities “operate without interruption, even when nothing else seems to be going well.”
National Credit Union Administration (NCUA) spokesperson Joseph Adamoli told the media that several credit unions were informed at the start of this month by Ongoing Operations that it had been hit by a ransomware attack.
In an update on its website, Ongoing Operations describes how it experienced the “isolated cybersecurity incident” on November 26, 2023, and “took immediate action to address and investigate.”
Ongoing Operations also brought in third-party specialists to assist in the investigation, informed federal law enforcement, and notified impacted customers.
Of course, Ongoing Operations is in the supply chain (via Trellance and FedComp) to scores of credit unions, which raises understandable concerns that not only are the operations of credit unions being impacted by the attack but also that sensitive information may have been accessed by malicious hackers.
Ongoing Operations says that currently, it has “no evidence of any misuse of information” and that it is still conducting a review in an attempt to ascertain what data may have been impacted and to whom the information belonged.
Apologising for the disruption to her own customers, Maggie Styles – the CEO of affected federal credit union, the Mountain Valley FCU (MVFCU) – underlined that the attack against Trellance was not just impacting them:
In an update dated 4 December, MVFCU confirmed that its data processing systems remained non-operational and that it would “take a little more time to launch our online banking platform.”
Amongst the other credit unions affected were NY Bravest FCU and Secret Service FCU, who currently have prominent messages on their websites apologising for the downtime:
It’s important to underline that it was not the credit unions themselves that fell victim to a ransomware attack. This was a supply-chain attack targeted at a company that provides services to many credit unions.
When a supply chain suffers a cybersecurity breach as powerful as a ransomware attack, the impact can cascade downwards, impacting many more companies that share the same common provider and – as a consequence – many, many more customers.
In this particular case, security researchers have claimed that the attack was executed via exploitation of the CitrixBleed vulnerability (also known as CVE-2023-4966) on an unpatched Cisco NetScaler device.
The National Credit Union Administration (NCUA) says that in the wake of the cyber attack, it is coordinating with affected credit unions.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.