NCUA Reports Recent Uptick in Cyberattacks Against Credit Unions and Third-Party Service Providers


While technology continues to evolve, so do the tactics cybercriminals use to attack organizations, with financial institutions being a hot target. The National Credit Union Administration (NCUA) has recently observed a concerning rise in cyberattacks against credit unions, credit union service organizations (CUSOs) and other third-party vendors supplying financial services products. These attacks include incidents related to critical vulnerabilities found in the MOVEit Transfer web application, software that many institutions use to transfer large volumes of sensitive data, as well as various other attacks. The key vulnerabilities the NCUA has reported finding in the web-based application include:

  • CVE-2023-34362
  • CVE-2023-35036
  • CVE-2023-35708

Per the NCUA, credit unions must remain vigilant in protecting their data and operations from all threats, including ransomware, phishing or social engineering leading to business email compromises, and distributed denial-of-service (DDoS) attacks.

Best Practices to Consider

Staying proactive is critical in safeguarding your institution’s sensitive data. The NCUA recommends the top ten mitigation steps and best practices below to safeguard against these evolving cyber threats:

  1. Patch and Update MOVEit Transfer Web Application: If your credit union or CUSO uses the MOVEit Transfer web application, apply the necessary security patches immediately to address the vulnerability. Progress Software released a security advisory detailing the risks and mitigation steps, which can be accessed on the Cybersecurity & Infrastructure Security Agency website.
  2. Multi-Factor Authentication: Implement multi-factor authentication for all sensitive accounts and systems, including email accounts and remote-access portals. This adds an extra layer of protection against unauthorized access and phishing attempts.
  3. Employee Cybersecurity Awareness Training: Conduct regular cybersecurity training for all employees to raise awareness about phishing, social engineering and other common attacks. Educate employees about the risks and implications of clicking on suspicious links or opening malicious attachments.
  4. Email Security and Anti-Phishing Measures: Deploy advanced email security solutions with phishing detection and blocking capabilities. Utilize Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC) protocols to prevent email spoofing and enhance email authenticity.
  5. Incident Response Plan: Develop and regularly test an incident response plan to ensure a timely and coordinated response in the event of a cyberattack. Assign specific roles and responsibilities to designated personnel and rehearse various attack scenarios.
  6. Vendor Risk Management: Evaluate the cybersecurity practices of all third-party vendors that provide financial services and products, including CUSOs. Verify vendors use sound risk management principles, have robust security measures in place and review their security posture regularly.
  7. Network Segmentation and DDoS Protection: Implement network segmentation to contain the impact of a potential compromise. Deploy DDoS protection measures, such as traffic filtering and rate limiting, to defend against DDoS attacks.
  8. Regular Data Backups and Recovery Testing: Maintain frequent data backups and test the data recovery process regularly. In case of a ransomware attack, backups can prevent data loss and reduce the need to pay the ransom.
  9. Threat Intelligence Sharing: Participate in threat intelligence sharing communities to stay informed about emerging threats and attack trends. Sharing information can help strengthen the industry’s collective defense.
  10. Continuous Monitoring and Security Updates: Monitor network traffic, logs, and systems continuously to detect and respond promptly to any suspicious activities. Stay informed about the latest security updates and apply patches promptly.

Remaining Vigilant

Proactive cybersecurity measures safeguard the integrity, confidentiality and availability of credit union systems and data. While applying these mitigation steps and best practices may be a daunting task, your credit union doesn’t need to face it alone. Performing over 130 IT engagements annually, Doeren Mayhew’s IT Advisory and Security Group understands the cyber risks credit unions experience and can offer solutions to better manage them while also developing a strong foundation of controls to strengthen your overall security posture. Contact us today to learn more about our suite of tailored IT services.
