CUs Should Be on 'Heightened' Alert for Cybersecurity Attacks, NCUA Warns

The NCUA and several Federal agencies warn all U.S. financial institutions of possible cyber attacks coming from Russia.

NCUA official seal. (Source: NCUA)

In a recent post on its website, the NCUA issued an alert to credit unions concerning a potential or pending Russian state-sponsored cybersecurity threat due recent “malicious cyber incidents” reported in Ukraine.

According to the post, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) initially issued the alert. In its post, the NCUA added an extra warning to credit unions.

“Given current geopolitical events, the NCUA, along with CISA, the Federal Bureau of Investigation, and the National Security Agency encourage credit unions and their cybersecurity teams nationwide to adopt a heightened state of awareness and to conduct proactive threat hunting. In addition, COVID-related supply chain disruptions may require management to reevaluate previously held assumptions for business continuity and disaster recovery plans,” the statement read.

The NCUA’s statement asked credit union executives to “be aware of critical cyber risks and take urgent steps to reduce the likelihood and impact of a potentially damaging compromise.”

The CISA recently posted two issuances surrounding the possibility of a cybersecurity incident revolving around the growing political and military tensions in Ukraine. According to the CISA’s statement, “Most recently, public and private entities in Ukraine have suffered a series of malicious cyber incidents, including website defacement and private sector reports of potentially destructive malware on their systems that could result in severe harm to critical functions. The identification of destructive malware is particularly alarming given that similar malware has been deployed in the past — e.g., NotPetya and WannaCry ransomware — to cause significant, widespread damage to critical infrastructure.”

The NCUA asked all credit union leaders to review the CISA statements and “act on the applicable recommendations.” The statement from the NCUA concluded, “It is crucial that your organization does its part to improve its resilience, reducing the risk of compromise or severe business degradation.”

Read More: Joint statement from CISA, National Security Agency and the FBI.

Read More: CISA’s issuance, “Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats.”