A ransomware group behind some of the biggest cyberattacks in 2023 has taken credit for an incident involving a multibillion-dollar player in the real estate industry.
Fidelity National Financial, a Fortune 500 provider of title insurance for property sales, acknowledged an attack in regulatory documents submitted 21 November to the US Securities and Exchange Commission.[1]
On 22 November, the AlphV/Black Cat ransomware gang took credit for the intrusion, publishing a lengthy screed against the company for hiring incident responders. The group claimed the response team was from Google’s Mandiant unit. In 8-K filings first reported by TechCrunch, Fidelity National Financial did not provide specifics about its response. “Fidelity National Financial recently became aware of a cybersecurity incident that impacted certain FNF systems,” the company said. “FNF promptly commenced an investigation, retained leading experts to assist the Company, notified law enforcement authorities, and implemented certain measures to assess and contain the incident.”
Fidelity National Financial said that so far, the investigation has revealed the hackers accessed certain company systems and “acquired certain credentials.” The company did not respond to requests for comment about what that means. In the filing, company officials said they were still trying to understand whether the incident would have a material impact on operations, but there were indeed issues during the initial response. “Among other containment measures, we blocked access to certain of our systems, which resulted in disruptions to our business. For example, the services we provide related to title insurance, escrow and other title-related services, mortgage transaction services, and technology to the real estate and mortgage industries, have been affected by these measures,” the company said.
Several real estate-focused news outlets said the attack has had significant downstream effects on the industry. Real Estate News called Fidelity National Financial the “nation's largest title insurance company” and said it has stopped many scheduled home-sale closings as a result of the attack.
Real estate agents, homebuyers and more have been left in the lurch, trying to find ways to finish sales. But the system outages mean many transactions will not be completed until this week. TechCrunch spoke to several realtors last week who were exasperated by the outages, which are causing delays in closings.
Fidelity National Financial owns dozens of regional title companies like National Title of New York, Chicago Title, Alamo Title and Commonwealth Land Title. Like multiple major companies that have suffered hacks in recent weeks, Fidelity National Financial had tools exposed to the internet that were vulnerable to a bug known as CitrixBleed.
The top cybersecurity agencies in the US released an urgent warning about the issue on 21 November, warning that both nation-state hackers and cybercriminals were exploring ways to exploit the vulnerability.
Just three weeks ago, hackers targeted Texas-based mortgage giant Mr. Cooper, the largest non-bank mortgage servicer in the US. The attack prompted the company to lock down its systems, forcing people to pay off their loans by phone, mail service or Western Union.
This article is presented at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We can help provide cyber insurance through Cysurance. Call for assistance. For questions, comments, a demo or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
Reporting: https://www.redskyalliance.org/
Website: https://www.redskyalliance.com/
LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5993554863383553632
[1] https://therecord.media/fidelity-national-financial-ransomware-alphv-black-cat
Comments