Skip to main content

What You Can Do About Ransomware Threat

By Ray Birch

RANCHO CUCAMONGA, Calif.—In the wake of a ransomware attack that shut down 60 credit unions, cyber security experts are warning many CUs are just one compromised key supplier away from being shut down, too. It’s a growing threat they say can have numerous  downstream effects on many organizations.

No institution is immune, and the best line of defense remains educating employees on how to avoid making mistakes that place a credit union, CUSO or vendor right into the hands of criminals.

“Co-op Solutions views ransomware attacks as an industry-wide threat that will continue for the foreseeable future with two main threat areas of concern,” said Christopher Williams, deputy chief information security officer at Co-op.

Feature Ransomware

The two areas of concern, according to Williams, are Ransomware-as-a-Service (RaaS) models and cyber supply chain threats.

A Proliferating Model

“With the RaaS model, an attacker doesn’t need to develop their own ransomware capability to turn a system compromise into a ransomware attack. This model has proliferated the cybercrime world. The model can quickly incorporate new tactics, techniques and procedures (TTPs) to be used by a wide range of threat actors,” he said. “The second threat area is the cyber supply chain. Attacks against key suppliers have a ripple effect across the supplier’s client-base. Many companies are one compromised key supplier away from a business crippling service impact.”

How to Respond

wlliams

Christopher Williams

Given that growing threat, what should credit unions be doing now?

“Credit unions should continue to educate their employees on the risk of ransomware attacks and the methods used to gain initial unauthorized access,” Williams advised. “Phishing remains a top attack vector, and social engineering of the service or help desk to compromise user credentials is on the rise.”

Credit unions also need to have robust backup capability—restoring to a clean and non-infected copy of system data, Williams added.

“That can help with the recovery of a ransomware attack,” he said. “In addition, they should become active members of the local area U.S. Secret Service Electronic Crimes Task Forces (ECTF) or Financial Crimes Task Forces (FCTF), which can provide advice in preventing attacks and support during suspected or actual attacks. In addition, monitor threat intelligence type sources for indications of attacks against their organizations or their vendors and new TTPs being used by attackers.

“Finally, practice the incident response to a ransomware attack. Drilling the panic and unknowns out of the process will help increase the chance of a successful recovery if an actual attack occurs,” he said.

The Good News? CUs Not Alone

Jim Stickley, CEO of Stickley on Security, said credit unions are one of many industries being affected by ransomware.

“I am not certain that ransomware is specific (to any organization), and credit unions and fintechs are just part of the much bigger picture of the state of ransomware in general,” said Stickley, who is also CEO of Troy, Mich.-based Mahalo Technologies. “Most people have this idea that cybercriminals are targeting a specific business type. While it’s true that healthcare and education are targeted directly and we also see banks and credit unions get targeted, when it comes to more general business, such as fintechs, we have not seen that level of direct attacks. Instead, what you see is employees who fall victim to phishing attacks or malicious websites.”

‘Average’ People, Not an Average Website

Stickley said when those incidents are investigated, what’s all-to-often discovered is that it was a phishing email that had been sent to hundreds of thousands of organizations that is the culprit, often in in the guise of te malicious websites that have been promoted though malvertising to “average” people. 

stickleyJim

Jim Stickley

“In these cases it’s just the low-hanging fruit. If an employee clicks the link, opens the attachment or browses to malicious sites, they open the door to the criminals. The criminals really don’t care if that organization is fintech, credit union or other business segment,” said Stickley, adding adding he does not believe the recent attack that hit DP vendor Fedcomp and than affected 60 credit unions had any company or credit union as a specific target.

“For criminals, there is little need to put a direct focus on fintech at this time since just about every business entity has similar value and so they will continue to cast a very wide net and whoever gets caught up will be their next victim,” he said.

Advice Shared

For credit unions looking to take some practical steps to defend themselves from ransomware, TruStage is sharing some strategies.

“Responding to the immediate threat of a ransomware attack or any cyber incident in a timely manner is critical to minimize data loss, contain the threat and restore operations,” Chris Gill, TruStage senior manager, risk and compliance solutions, told CUToday.info. “This is true even when that threat originates with a credit union’s third-party service provider or partner. Security incidents that do not originate at a credit union can still have a large impact on credit unions’ operations and reputation.”

Noting the affects such attacks have on member service, Gill added, “It reminds us all of the importance of having strong controls in place to minimize exposure, and to have a comprehensive business resiliency plan that is regularly tested and updated.”

Comments

Post a Comment

Please no profanity or political comments.

Popular posts from this blog

Growing Your Credit Union Without Expanding Your FOM

For many firefighter and other credit union primarly serving first responders, growth often feels tied to one big decision: expanding the Field of Membership (FOM). But what if you didn’t have to? What if growth could come from within —by deepening relationships, increasing engagement, and capturing more of the financial lives of the members you already serve? The truth is: it can. But it requires a shift in strategy. Rethinking What “Growth” Really Means Most institutions define growth as adding more members. But for single-sponsor credit unions, especially those serving first responders, a more powerful definition is: Growth = more value per member Many members only use one or two products—often a checking account and maybe an auto loan. Meanwhile, larger banks capture mortgages, credit cards, and investments. The opportunity isn’t just new members. It’s: More products per member Higher balances per relationship Greater share of wallet Your Biggest Advantage: The First Responder Life...
Post a Comment
Read Complete Article HERE>»

When Vendors Price for Giants

 Grant Sheehan CCUE | CEO Opinion: When Vendors Price for Giants, They Shrink the Future of Small Credit Unions ! There’s a quiet squeeze happening in the credit union industry, and it’s not coming from regulators or competition from big banks. It’s coming from the very vendors that claim to support the ecosystem. For small credit unions, the problem is increasingly simple and factual: the tools required to compete with digital banking platforms, fraud systems, compliance software, analytics, and payments infrastructure are priced for institutions ten or even 100 times their size. The result is a market where access to essential services is determined not by mission or member need, but by asset size. This isn’t just inconvenient. It’s structurally threatening. Vendors often defend their pricing models as a reflection of complexity or scale. Larger credit unions have more users, more transactions, more integrations, so they pay more, and that seems fair on the surface. But t...
Post a Comment
Read Complete Article HERE>»

Fed still holds off on rate increase | 2015-07-30 | CUNA News

  WASHINGTON (7/30/15)--Citing “moderate” economic expansion, the Federal Open Market Committee continues to do “a balancing act,” said CUNA Senior Economist Perc Pineda. The Federal Reserve’s monetary policy-making body completed its meeting Wednesday without edging up the federal funds interest rate. Fed Chair Janet Yellen has said the committee will opt for an interest-rate increase sometime this fall. The July meeting, however, was not the time. “The Federal Reserve continues to do a balancing act: the U.S. economy is not in a recession and definitely not overheating,” Pineda told News Now . “Changes in monetary policy after all are meant to influence an underperforming or an overheating economy.” Household spending growth has been moderate, and housing has shown additional improvement, the committee said. Labor conditions continue to improve with declining unemployment and solid job gains. Inflation is anticipated to remain near its recent low level in the near term,...
Post a Comment
Read Complete Article HERE>»

Don't say NO to your members anymore!

Does the following scenario occur at your credit union? If it does, we have a solution for you! A member comes in into your credit union and wants to know if you will loan them a couple of hundred thousand $$$ to buy a building, or can you loan him some seed money to start a new business or purchase equipment for the company they currently own, and you say,  “the credit union doesn't do those kinds of loans”.  Does this sound familiar? How many times do you and your staff say NO and literally tell a member to  “go down the street or go somewhere else” ?  Well, now, you have another option.   CU First Responders Finance (CUFR) CU First Responders Finance, LLC (CUFR)  is a partnership between the National Council of Firefighter Credit Unions, Inc.   (NCOFCU) , and Biz Lending & Insurance Center, Inc. to provide business lending origination programs to NCOFCU member credit unions. CUFR  will provide you with a turnkey operati...
Post a Comment
Read Complete Article HERE>»

Credit Union Lending Picks Up in Most Areas

Credit unions were increasing their portfolios in most areas in June, except business lending and new car loans, where portfolios fell for the 24th month in a row after seasonal adjustments, according to a CUNA Mutual Group report released Tuesday. The Madison, Wis., trade group’s Credit Union Trends Report showed new auto loan balances were $141 billion on June 30, falling at a 3.3% seasonally adjusted, annualized rate from May to June, part of the May-through-October peak car-buying season. Credit unions held $252.4 billion in used car loans on June 30, up 1.2% from May without seasonal adjustments. The Trends Report made slight adjustments to CUNA’s Monthly Credit Union Estimates released earlier in the month. In this case, its changes allowed total auto loan balances to show a slight 0.3% un-adjusted May-to-June gain, compared to being flat in the CUNA report. Steve Rick, chief economist for CUNA Mutual Group and the report’s author, said gains were stronger in other areas, includ...
Post a Comment
Read Complete Article HERE>»

What Trump’s ‘one big beautiful’ tax-and-spending package means for your money!

  Trump’s megabill will bring sweeping changes for household finances. President  Donald Trump  signed his “one big beautiful” tax-and-spending package on July 4 — legislation that will bring sweeping changes to Americans’ finances.  After the  Senate passed its version  on July 1, the House Republicans on July 3  voted to approve  the multi-trillion-dollar domestic policy legislation and send it to Trump’s desk for signature. The final bill makes permanent Trump’s  2017 tax cuts  while adding new relief, including a senior “bonus” to  offset Social Security taxes  and a  bigger state and local tax deduction . The plan also has tax breaks for  tip income , overtime pay and  auto loans , among other provisions.  The GOP’s marquee legislation will also enact deep spending cuts to social safety net programs such as  Medicaid  and food stamp benefits,  end tax credits tied to clean energy  an...
Post a Comment
Read Complete Article HERE>»

Boston Firefighters Credit Union sets up fund

Posted Mar. 27, 2014 @ 7:35 pm ROSLINDALE The Boston Firefighters Credit Union has created a fund to help support the families of Lieutenant Ed Walsh and Firefighter Michael Kennedy. "In difficult times like these, I am so proud to be mayor of a city that comes together to help our neighbors in need," said Boston Mayor Martin J. Walsh. "Since yesterday's tragic events, we've experienced an outpouring of support from across the city, state, and country. So many people have expressed a willingness to help, in some way, as we grieve the loss of Lieutenant Walsh and Firefighter Kennedy." "Although no donation can heal the wounds suffered by the Walsh and Kennedy families, we are grateful to the Boston Firefighter's Credit Union for helping us create a focal point for peoples’ generosity, and to the people of Boston, of Massachusetts, and of the United States, who have once again shown the power of a community to help healing process begin." ...
Post a Comment
Read Complete Article HERE>»

2 Historical Moments: CUNA Mutual Officially Changes Name Today, As Union Also Calls Strike

MADISON, Wis.–One of the most iconic names in credit unions and credit union history in the U.S. will officially change today when CUNA Mutual Group begins operating under the TruStage brand across the enterprise. All enterprise, business-to-business and consumer brands are now unified under the single brand name of TruStage, which the company has been using for some of its products for a number of years. The new brand is being introduced at the same time approximately 450 employees represented by Office & Professional Employees Local 39 have gone on strike. It is the first strike in the company and the union's history. As CUToday.info has been reporting, the company and the union have been at an impasse since February of 2022, when t...
Post a Comment
Read Complete Article HERE>»

Sunday Reading - How were the National Parks started?

  America's 'Best Idea'       How were the National Parks started? America's National Park System includes roughly 85 million acres of US territory, equal to the size of Germany, set aside by federal law for preservation. There are 63 areas officially designated as national parks—including the Grand Canyon, the Great Smoky Mountains, and Acadia—and more than 400 additional smaller units ( see map ). In 1872, Yellowstone was established   as the first national park dedicated to public enjoyment and recreation, though its foundation also  displaced several Native American tribes . By 1916, the growing system required the creation of the National Park Service to preserve its lands for future generations. Eventually, hunting and logging were banned in the parks, though regulated extractive activity is still permitted in nati...
Post a Comment
Read Complete Article HERE>»

2015 "Best Credit Unions to Work For"

Our congratulations to Bernie Winne CEO Boston Firefighters Credit Union for making CU Journals “Best Credit Unions to Work For” list CREDIT UNIONS WITH ASSETS MORE THAN $200 MILLION AND LESS THAN $500 MILLION Rank Credit Union 1 Infinity Federal Credit Union 2 Belvoir Federal Credit Union 3 Granite Credit Union 4 Town & Country Federal Credit Union 5 OMNI Community Credit Union 6 Boston Firefighters Credit Union 7 Atomic Credit Union 8 Icon Credit Union 9 Deseret First Credit Union 10 Nymeo Federal Credit Union 11 First Credit Union 2015 "Best Credit Unions to Work For" - Best Credit Unions to Work for
Post a Comment
Read Complete Article HERE>»