Skip to main content

What You Can Do About Ransomware Threat

By Ray Birch

RANCHO CUCAMONGA, Calif.—In the wake of a ransomware attack that shut down 60 credit unions, cyber security experts are warning many CUs are just one compromised key supplier away from being shut down, too. It’s a growing threat they say can have numerous  downstream effects on many organizations.

No institution is immune, and the best line of defense remains educating employees on how to avoid making mistakes that place a credit union, CUSO or vendor right into the hands of criminals.

“Co-op Solutions views ransomware attacks as an industry-wide threat that will continue for the foreseeable future with two main threat areas of concern,” said Christopher Williams, deputy chief information security officer at Co-op.

Feature Ransomware

The two areas of concern, according to Williams, are Ransomware-as-a-Service (RaaS) models and cyber supply chain threats.

A Proliferating Model

“With the RaaS model, an attacker doesn’t need to develop their own ransomware capability to turn a system compromise into a ransomware attack. This model has proliferated the cybercrime world. The model can quickly incorporate new tactics, techniques and procedures (TTPs) to be used by a wide range of threat actors,” he said. “The second threat area is the cyber supply chain. Attacks against key suppliers have a ripple effect across the supplier’s client-base. Many companies are one compromised key supplier away from a business crippling service impact.”

How to Respond

wlliams

Christopher Williams

Given that growing threat, what should credit unions be doing now?

“Credit unions should continue to educate their employees on the risk of ransomware attacks and the methods used to gain initial unauthorized access,” Williams advised. “Phishing remains a top attack vector, and social engineering of the service or help desk to compromise user credentials is on the rise.”

Credit unions also need to have robust backup capability—restoring to a clean and non-infected copy of system data, Williams added.

“That can help with the recovery of a ransomware attack,” he said. “In addition, they should become active members of the local area U.S. Secret Service Electronic Crimes Task Forces (ECTF) or Financial Crimes Task Forces (FCTF), which can provide advice in preventing attacks and support during suspected or actual attacks. In addition, monitor threat intelligence type sources for indications of attacks against their organizations or their vendors and new TTPs being used by attackers.

“Finally, practice the incident response to a ransomware attack. Drilling the panic and unknowns out of the process will help increase the chance of a successful recovery if an actual attack occurs,” he said.

The Good News? CUs Not Alone

Jim Stickley, CEO of Stickley on Security, said credit unions are one of many industries being affected by ransomware.

“I am not certain that ransomware is specific (to any organization), and credit unions and fintechs are just part of the much bigger picture of the state of ransomware in general,” said Stickley, who is also CEO of Troy, Mich.-based Mahalo Technologies. “Most people have this idea that cybercriminals are targeting a specific business type. While it’s true that healthcare and education are targeted directly and we also see banks and credit unions get targeted, when it comes to more general business, such as fintechs, we have not seen that level of direct attacks. Instead, what you see is employees who fall victim to phishing attacks or malicious websites.”

‘Average’ People, Not an Average Website

Stickley said when those incidents are investigated, what’s all-to-often discovered is that it was a phishing email that had been sent to hundreds of thousands of organizations that is the culprit, often in in the guise of te malicious websites that have been promoted though malvertising to “average” people. 

stickleyJim

Jim Stickley

“In these cases it’s just the low-hanging fruit. If an employee clicks the link, opens the attachment or browses to malicious sites, they open the door to the criminals. The criminals really don’t care if that organization is fintech, credit union or other business segment,” said Stickley, adding adding he does not believe the recent attack that hit DP vendor Fedcomp and than affected 60 credit unions had any company or credit union as a specific target.

“For criminals, there is little need to put a direct focus on fintech at this time since just about every business entity has similar value and so they will continue to cast a very wide net and whoever gets caught up will be their next victim,” he said.

Advice Shared

For credit unions looking to take some practical steps to defend themselves from ransomware, TruStage is sharing some strategies.

“Responding to the immediate threat of a ransomware attack or any cyber incident in a timely manner is critical to minimize data loss, contain the threat and restore operations,” Chris Gill, TruStage senior manager, risk and compliance solutions, told CUToday.info. “This is true even when that threat originates with a credit union’s third-party service provider or partner. Security incidents that do not originate at a credit union can still have a large impact on credit unions’ operations and reputation.”

Noting the affects such attacks have on member service, Gill added, “It reminds us all of the importance of having strong controls in place to minimize exposure, and to have a comprehensive business resiliency plan that is regularly tested and updated.”

Comments

Post a Comment

Please no profanity or political comments.

Popular posts from this blog

Unlocking the Future: How Generative AI is Transforming Credit Unions

  Unlocking the Future: How Generative AI is Transforming Credit Unions In the rapidly evolving financial landscape, technology plays an increasingly pivotal role. Among the most exciting advancements is Generative AI, which is poised to transform how credit unions operate and serve their members. Read on to discover how generative AI can reshape the member experience and optimize operations within credit unions. What is Generative AI? Generative AI refers to a class of artificial intelligence that can create new content—such as text, images, and audio—based on existing data. Unlike traditional AI, which focuses on analyzing and recognizing patterns, generative AI synthesizes new information, offering exciting possibilities for financial institutions, particularly credit unions. The Applications of Generative AI in Credit Unions Personalized Financial Advice Credit unions pride themselves on their member relationships, and generative AI can enhance these connections....
Post a Comment
Read Complete Article HERE>»

👨‍👩‍👧‍👦 You Need to Prepare Now to Compete for New Fed Gov’t Funded Savings Accounts for Children

WASHINGTON–Credit unions, which often talk about the need for younger members, will now have the opportunity to compete in a new arena for the youngest members of all, as the recently passed reconciliation bill includes language creating and funding for a new savings account for children, with a one-time deposit of $1,000 from the federal government for those born in 2025 through 2028. The new accounts are expected to create a new battleground of competition for credit unions as every provider from banks to fintechs to others seeks to capture the accounts.  The final version of the bill makes the tax-free savings accounts for minors, called Trump accounts, a form of individual retirement account (IRA) under Sec. 408(a), according to the Journal of Accountancy. Under the legislation, the accounts will be IRAs (but not Roth IRAs) for the exclusive benefit of individuals under 18.  About the Contributions “Contributions can only be made in calendar years before the beneficia...
Post a Comment
Read Complete Article HERE>»

Live Podcast with Bonnie Sensing, Executive VP of Nashville Firemen's Credit Union on BSA

Jo in us in this live episode as Grant Sheehan, CCUE | CEO of the National Council of Firefighter Credit Unions (NCOFCU), interviews Bonnie Sensing, Executive VP of Nashville Firemen's Credit Union. We break down the BSA complex regulations, explore BSA compliance strategies, and discuss real-world implications for directors and staff. BSA Podcast YouTube NCOFCU Podcasts  
Post a Comment
Read Complete Article HERE>»

Before You Push Send!

  The Art of Thoughtful Discourse in a Noisy World In an era where opinions flood every corner of social media, news platforms, and casual conversations, the sheer volume of voices can be both inspiring and overwhelming. Everyone seems to have something to say, and while it's a beautiful thing to witness such diverse perspectives, it raises an important question: how can we ensure that our contributions are meaningful and resonate with others? The Power of Evidence-Based Opinions At the heart of impactful communication lies the value of substantiation. Personal views are indeed intriguing and can spark engaging discussions. However, without solid evidence or context to support them, these opinions can quickly lose their potency. When we articulate our thoughts without backing them up, we risk contributing to the noise rather than enhancing the dialogue. To make meaningful contributions, it’s essential to prioritize reasoning over reflexivity. Taking the time to gathe...
Post a Comment
Read Complete Article HERE>»

The Case for Advisory Committees in Credit Unions

  Grant Sheehan, CEO, NCOFCU The Case for Advisory Committees in Credit Unions: Ensuring Vibrant Leadership and Member Engagement In the world of credit unions, the leadership structures often reflect a unique balance of tradition and innovation. For many credit union boards of directors, tenure can stretch over decades, creating a wealth of experience and stability. However, when these long-serving members retire from the host company, a common phenomenon arises: a reluctance to leave their positions. While their dedication is commendable, this situation can pose challenges to the credit union’s ability to adapt to the evolving needs of its membership. As directors transition into retirement, they may find that their connection to the credit union and its members has diminished. Having spent years in leadership, their focus can inadvertently shift to legacy management—relying heavily on what has historically worked rather than embracing new strategies. This is where t...
Post a Comment
Read Complete Article HERE>»