'SolarWinds' Cyberattack: What Your Credit Union Should Know

Lap top keyboard

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert in response to a known compromise involving SolarWinds Orion products, as well as the subsequent breaches to its customers, which has impacted every corner of the economy, including the federal government, banks, credit unions, and other entities.

Key Takeaways

  • The data breach took place between March 2020 and June 2020 and pushed malicious code to an estimated 18,000 SolarWinds customers via Orion. These customers include government agencies, financial institutions (credit unions), and vendors serving financial institutions.
  • In addition to the alert, CISA also issued an emergency directive on mitigating the compromise. CISA encourages affected organizations with suspected compromises to be highly conscious of operational security, including when engaging in incident response activities and planning and implementing remediation plans.
  • CISA will continue to work with its partners to monitor for active exploitation associated with this vulnerability. CISA will release additional indicators of compromise as they become available.
  • CISA will provide additional guidance to agencies via the CISA website, through an emergency directive issuance coordination call, and through individual engagements upon request (via CyberDirectives@cisa.dhs.gov).
  • The Treasury Department is also seeking feedback from financial institutions that have run the compromised SolarWinds Orion systems at OCCIP-Coord@treasury.gov or anonymously through FS-ISAC at sharingops@fsisac.com.

In addition, the Credit Union National Association (CUNA) sent a letter on Dec. 17 to the National Credit Union Association (NCUA) to express concerns about the recent SolarWinds cyberattack and its impact on the agency. The letter suggests that the NCUA consider issuing guidance to alleviate stress from impacted credit unions as the full scope of the data breach is yet to be determined due to the complexity of the attack.

The California and Nevada Credit Union Leagues will continue to monitor these developments and provide credit unions with the very latest information as it becomes available.


Pin It