Hello, LOs!
Over the weekend, news broke of a large-scale ransomware attack affecting Cloudstar, a cloud data firm that provides services to the title industry. Immediately, industry stakeholders wondered how many loan closings would be impacted.
We still don't have clear answers on just how many closings may have been disrupted. Here's what we do know.
On Tuesday afternoon, a spokesperson for Cloudstar told me the firm's systems were still offline. Part of why we have such little information about the attack itself is because Cloudstar is keeping tight-lipped. That makes sense, cybersecurity experts tell me, because the vulnerability that the attackers exploited could be exposed.
That's a concern, especially because, as Dustin Brewer, the senior director of emerging technology and innovation at the Information Systems Audit and Control Association tells me, this attack was potentially very sophisticated.
"It seems to be very targeted and thoughtful, something that's been in their network for a long time," Brewer said. "That takes way more manpower and sophistication. These are people who actually understand the systems and are willing to do PhD-level, dissertation-level level work to find and exploit vulnerabilities."
Such attacks can frequently take as much as two weeks to resolve. Most companies, especially larger ones such as Cloudstar, which operates six data centers and claims to have 42,000 users, end up paying the ransom.
That's what happened two months ago when a cyberattack shut down a fuel pipeline that supplies the East Coast. Colonial Pipeline, a gas, diesel and jet fuel pipeline, wound up paying out $4.4 million in Bitcoin to the cyberattackers that had crippled their operations. But that didn't immediately resolve the problem — the decryption key the attackers furnished after Colonial paid the ransom was ultimately insufficient to get the system back up and running. The pipeline, which supplies 45% of the East Coast's fuel, was offline for nearly a week.
We also know very little about who Cloudstar's attackers were, and why they targeted the cloud services firm. While some ransomware groups try to gain access to a wide variety of targets, they also typically carefully select vulnerable targets. The attackers are often linked to organized crime.
Richard Hill, the Mortgage Bankers Association's vice president of industry technology, told me how attackers often work together.
"They go to an office, pass a receptionist and go up into their office and do their hacking for the day," said Hill. "That's what we're up against. They're picking off our companies and our citizens with impunity."
Hill said that taking time to conduct disaster recovery drills can help identify weak points before ransomware hackers do. Hill also advises mortgage lenders and financial services institutions to think of cybersecurity more holistically — rather than just to fulfill compliance requirements. In 2019, the MBA offered some advice to small to medium businesses looking to minimize the risk of ransomware attacks.
We are continuing to report on this story as it develops. If you have been impacted by the Cloudstar outage, or know anyone who has, please get in touch: gkromrei@housingwire.com
Georgia Kromrei
Senior Mortgage Reporter, HousingWire
EmoticonEmoticon