Credit Unions Face Outages Amid Ransomware Attack on Third-Party Vendor

Approximately 60 credit unions are grappling with service disruptions following a ransomware attack on Trellance, a third-party IT vendor catering to the industry, as reported by the National Credit Union Administration (NCUA) on Friday. Trellance subsidiaries, including Ongoing Operations and FedComp, have confirmed the cyber incident, with Ongoing Operations specifying a ransomware attack on November 26.

Joseph Adamoli, acting director and media relations manager at NCUA, revealed in an email that Ongoing Operations, a Trellance-owned entity, informed affected credit unions about the security breach. FedComp, another Trellance-owned unit providing services to credit unions, reported a nationwide outage in the aftermath of the attack.

Ongoing Operations stated that the incident is confined to a section of its network, and investigations are ongoing to assess the potential impact on stored information. Cybersecurity researcher Kevin Beaumont linked the ransomware attack to a critical and widely exploited vulnerability in Citrix networking products, identified as CVE-2023-4966 or CitrixBleed.

Beaumont highlighted that Ongoing Operations' two Netscaler devices remain offline, causing disruptions that impact millions of Americans. The ransomware incident appears to be connected to the same vulnerability implicated in recent attacks against Boeing and Fidelity National Financial. The Cybersecurity and Infrastructure Security Agency (CISA) had previously urged organizations to apply a patch for this vulnerability following multiple compromises.

NCUA promptly informed relevant authorities, including the Treasury Department, FBI, and CISA, regarding the situation. The NCUA emphasized that deposits held by federally insured credit unions are covered up to $250,000 by the National Credit Union Share Insurance Fund.

This incident adds to the increasing number of ransomware attacks targeting credit unions in the current year. Earlier this year, several credit unions were affected by a series of attacks against MOVEit file-transfer service environments in late May. The NCUA has a structured framework for evaluating and responding to such incidents, with 146 incident reports received within the first month after requiring federally insured credit unions to report cybersecurity incidents within 72 days, according to NCUA Chair Todd Harper in October.

The GRC Report is the first word in governance, risk, and compliance news. As your trusted source for comprehensive coverage, the GRC Report keeps you informed and equipped to navigate the evolving landscape of governance, risk, and compliance. And remember, the GRC Report isn't just a news source; it's a community of professionals who share your passion for GRC excellence. Don't miss out on our insightful articles and breaking news – join the conversation and empower your GRC journey.