Digital banking functions at approximately 60 credit unions have been interrupted due to a Citrix software bug, resulting in outages impacting various services. The disruptions were caused by a ransomware attack on a third-party service provider, Ongoing Operations, a credit union information-technology firm.
Ongoing Operations has stated that there is currently no evidence of consumer data misuse, but investigations are ongoing to determine the exact nature of the impact and the affected individuals. Both Ongoing Operations and its parent company, Trellance, have not provided any comments regarding the incident.
The National Credit Union Administration has confirmed that around 60 credit unions have been affected and assured members that their deposits, up to $250,000, are covered. The regulatory agency remains in close contact with the affected credit unions to address the situation.
Maggie Pope, the CEO of Mountain Valley Federal Credit Union, revealed that the incident was indeed a ransomware attack. Online banking and bill-pay services were disrupted for the credit union, although card services and branch operations were still accessible. Online banking remains unavailable for Mountain Valley Federal Credit Union.
The core-banking software provider FedComp informed Mountain Valley of the attack on Trellance. However, FedComp has not responded to requests for comment. Furthermore, FedComp’s own services seem to have been disrupted, with their data center experiencing technical difficulties and a countrywide outage.
NY Bravest Federal Credit Union, serving New York firefighters, has also been affected by the attack through its utilization of FedComp’s core-banking services. The credit union expects to regain access to its own FedComp server soon and is working diligently to minimize disruptions. NY Bravest emphasized its commitment to its members by taking extra measures to ensure up-to-date balances were available during the outage.
The root cause of the attack can be traced back to a vulnerable cloud-networking software called NetScaler, owned by Cloud Software Group. The vulnerability, known as Citrix Bleed, was rated at the high end of the severity scale and warned of potential unauthorized data disclosure. Multiple warnings were issued by Cloud Software Group, and federal agencies, including the FBI, highlighted the risk of exploitation by ransomware groups like LockBit.
It is evident that more proactive measures need to be taken to prevent vulnerabilities like Citrix Bleed and the subsequent ransomware attacks. Suggestions include increased security measures by software vendors and a ban on ransom payments, given the growing power of ransomware actors.
The recent incidents involving credit unions and other financial institutions underscore the importance of cybersecurity and the need for continuous vigilance against emerging threats. As investigations continue, affected credit unions are working diligently to restore normalcy and ensure the security of their members’ financial data.
Disclaimer: The above article is for informational purposes only and does not constitute financial or legal advice. Please consult with a professional advisor or institution for specific guidance on your situation.