US real estate financial services fat cat, Fidelity National Financial (FNF), has revealed details of a cybersecurity breach that occurred in November, exposing the details of 1.3 million customers. An updated filing to the US Securities and Exchange Commission (SEC) claims the attack, which occurred on November 19, 2023, was detected early on and successfully contained.
But despite FNF’s best efforts, over a million customers will wonder if the threat actors behind the breach also believe that their attack has been successfully “contained.” The nature of their target suggests otherwise. A Fortune 500 company, FNF is one of the largest companies of its kind in the US, with an annual revenue of over $10 billion, a market capitalization of $13.3 billion, and a staff of over 23,000 people.
Not only is it the kind of cash-rich operation that ransomware gangs and online bank robbers relish, but it is the perfect victim for the kind of pre- and after-sales services beloved by the leading ransomware gangs. The techniques used for extorting money from their unfortunate victims include selling the stolen data, often containing personal and corporate financial details, in job lots via auctions on criminal forums. Another technique is trying to monetize the details themselves by targeting the customers via innocent-appearing emails, messages, and phone calls.
Real estate sector is an ideal target
The real estate sector is an ideal target for the latter technique. As considerable sums of money frequently pass through several pairs of hands in a single property transaction, a successful spear-phishing or straightforward man-in-the-middle attack could easily divert substantial funds into criminal hands. The process of laundering such ill-gotten gains has also been vastly simplified by the plethora of dodgy currencies that now abound.
Another nasty legacy that sometimes appears in the wake of a cybersecurity ‘incident,’ even one that seems to have been contained, comes in the form of subsequent attacks on third-party suppliers. Many organizations lose track of their supply chain. As staff frequently download all kinds of goods and services without the IT department’s explicit permission, there can be many potential breaches across organizations, making it all but impossible to trace where the original breach took place.
The requirement to report significant attacks to the SEC has created transparency that enables the authorities to assist the private sector in fighting the attacks. But the SEC, the victims of cyber attacks, and law enforcement agencies are all becoming increasingly aware that containing an attack and reporting it to the SEC may, in future, be only the beginning of the battle.