Credit Union Connection

View Original

MOVEit Transfer Web Application Vulnerability

On June 1, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) issued Progress Software Releases Security Advisory for MOVEit Transfer, a Cybersecurity Alert addressing a critical vulnerability that affects the MOVEit Transfer web application. This vulnerability is known as CVE-2023-34362.

MOVEit Transfer is a managed file transfer application used throughout the financial sector to securely transfer large volumes of sensitive data between systems. There exist indications of active exploitation of this vulnerability with resulting evidence of data exfiltration. All versions of MOVEit Transfer are affected, making it essential for credit unions to take appropriate action.

To address this issue, CISA advises credit unions to review MOVEit Transfer Critical Vulnerability Alert and apply the recommended remediation measures. Credit unions should prioritize applying necessary updates and actively searching for any signs of malicious activity.

If a credit union uncovers an incident:

Report the incident to CISA through its 24/7 Operations Center at report@cisa.gov or by calling 888.282.0870.Evaluate whether data has been compromised — if a credit union suspects data has been compromised, it should report the incident to the local FBI Field Office.Report the incident to its respective regulatory authority — either the State Supervisory Authority or the NCUA.

Prudent credit unions have effective procedures for monitoring, sharing, and responding to threat and vulnerability information. The Federal Financial Institutions Examination Council’s Cybersecurity Threat and Vulnerability Monitoring and Sharing Statement provides valuable guidance. Credit unions can reach out to their primary federal or state regulator for further clarification and best practices.