UPDATED 14:02 EDT / DECEMBER 04 2023

SECURITY

New Citrix Bleed ransomware threat hits many credit unions

Ransomware groups are leveraging new attacks using the Citrix Bleed vulnerability.

Late last week, more than 60 credit unions' operations were disrupted because of a common technology services provider's unpatched NetScaler servers. Representatives from the National Credit Union Administration confirmed in a post for The Register over the weekend that the outage happened.

The provider is Trellance Cooperative Holdings Inc. It owns two different providers, one called Ongoing Operations LLC and the other called Fedcomp. Both of them told their respective customers of outages affecting their systems. The former sent out a note on Dec. 2 about an “ongoing cyber security incident” that happened on Nov. 26. Fedcomp posted and then removed a notice about a potential incident and didn’t respond to reporters’ inquiries.

“Trellance and FedComp have been working around the clock to get our systems along with other credit unions around the country that have experienced the same issue back online,” Maggie Pope, chief executive of the Mountain Valley Federal Credit Union in Peru, New York, wrote in a memo to its members last week.

A post from cybersecurity researcher Kevin Beaumont claims that the issues had to do with Citrix Bleed, which he claims was used against two of Ongoing Operations' NetScaler servers that hadn’t been patched since this summer. Citrix Bleed was first discovered several months ago, and a patch was released by the company in October.

Citrix Bleed has become a popular way for ransomware actors to compromise their victims because Citrix servers, operating as load-balancing appliances, hold a great deal of authentication information. The vulnerability lets bad actors steal session tokens and so avoid multifactor authentication controls.

Credit unions have been a tempting target for ransomware attacks because they have relatively immature security solutions compared with commercial banks and other larger financial services companies. Their national association put in place new rules that came into force in September requiring all federally insured unions to report any breaches within 72 hours. Since then, it has seen 146 incidents reported in the first month, a figure it typically would see in an entire year.
