Back to top
Join us on LinkedIn Follow us on Twitter Like us on Facebook
 
  OCTOBER RESEARCH STORE SUBSCRIBE LOG IN
AddControlToContainer_DynamicNavigation1

Cloudstar attack brings new focus to security, vulnerabilities

Add This Email A Friend Printer Friendly Version
1 comments
Cyberawareness, Industry News
Tuesday, July 20, 2021
Cloudstar still has no “definitive restoration timeline” for its cloud-hosting systems that were taken out by a ransomware attack on July 16. It also said “it is too early to speculate about what data may have been impacted” or information breached, according to a July 19 post on its website.

The company hired third-party forensics experts Tetra Defense to help in recovery efforts and contacted law enforcement. “Negotiations with the threat actor are ongoing,” the company posted.

Cloudstar operates six data centers in the U.S., serving more than 42,000 users, according to the American Land Title Association (ALTA). The attack on one of the industry’s main cloud-hosting providers left hundreds of title companies and lenders unable to conduct transactions or close loans, revealing how vulnerable the title space is to cybercriminal attacks.

“These criminals go where the money is,” Silicon Title founder and CEO Nicholas Chavez said in an interview with The Title Report. “One of the largest transactions that someone who lives in the United States will make is the purchase of a home, so that’s a fantastic target for cybercriminals.”

Chavez, who earned a master’s degree in cybersecurity from Brown University, said most of the time, those in the title industry are the victims of a “man in the middle” attack, where the criminal pretends in a spoofed email, often via a spoofed IP address or DNS server, that they are someone else (like the Realtor, mortgage broker, banker or title agent) and say that wiring instructions have changed, telling the buyer to wire their money to a fraudulent account.

Ransomware attacks involve holding a company’s information hostage until a ransom is paid, usually in cryptocurrency. The title industry is an attractive target, Chavez said, because they store massive amounts of personal data like Social Security numbers, banking information, and tax records digitally.

“Title companies, banks, and other financial services companies are primarily software companies and information brokers now,” he said.

It’s not known yet what type of ransomware attack Cloudstar experienced. Chavez said one type involves the criminals essentially locking the company out of its own servers and information until ransom is paid.

Another is far more sinister. “They basically say, ‘We’re going to encrypt files so that way you can’t back them up or access them, but if you don't do what we say in 72 hours, we’re going to expose the data someplace on the open internet,” he said.

If that were to happen in the Cloudstar case, the chain reaction would be far-reaching, Chavez said. An attack at the cloud-hosting provider could involve data from the title agency, the underwriter, banks, real estate offices, property and casualty insurance providers, and the buyer and seller. It would also affect several different states, all of which have different data privacy laws. California and New York have some of the strictest.

“Given the total number of clients that Cloudstar serves, and the extent of the U.S. population concentration in New York and California, it is very possible that we will see some cascading second- and third-order consequences if the attack results in a data breach,” Chavez said.

Prevention is the best defense against cyberattacks, said Bruce Phillips, senior vice president and chief information security officer at WEST, a WFG company. To protect themselves, title companies and agents need a comprehensive plan in place, he told The Title Report.

“This includes creating and implementing an Incidence Response Plan, as well as putting fail-safes in place to ensure that they have access to their data and systems on at least a limited basis during times of crisis,” he said. “These systems and data sources should be independent of the company’s main systems and data storage providers, as well as directly accessible. Data protection techniques such as data encryption should also be implemented.”

Sensitive data should be copied to an offline backup system outside of the title company’s other service providers and inaccessible through those providers, Phillips added.

“By implementing this safeguard, title companies can prevent cybercriminals from accessing their backup files during a ransomware breach and ensure that they have direct access to their own data following a breach,” he said.

“Before loading backup data into their operating systems, title companies need to confirm that their operating system has not been compromised or corrupted as well,” Phillips said. “As a fallback, they should also have a standalone copy of their operating system that they can load onto a desktop computer along with their backup data source, so nothing is entirely inaccessible or lost. This will enable them to continue working following an attack, albeit at a slower pace.”

Also, team members need to be trained to identify phishing attempts and other malicious tactics, Phillips said.

It’s also crucial that title agencies work with outside companies that have cybersecurity experts on their management teams, Chavez said.

“IBM reports the average cost of a data breach in the United States is $8.64 million. With this type of financial risk, it is absolutely imperative that a company have competent cybersecurity leadership in the form of a chief information security officer or at the very least someone who has been formally educated in cybersecurity with a seat at the board level, especially for financial services and insurance companies,” he said.

Offering help

Many title and technology companies have stepped up to offer their services to help those left without access to their title and escrow production systems.

Mid South Title tweeted that its office is unaffected by the Cloudstar attack and that it’s willing to assist title agents in Tennessee or Louisiana that may need help.

Generes & Associates, the only authorized Landtech reseller in the U.S., invited affected Landtech users who need temporary online facilities or processing help to complete transactions to contact them for assistance.

SoftPro, RamQuest and Qualia are also offering help to affected title companies.

“Qualia is offering Qualia Core at no cost, on a temporary basis, to assist Cloudstar customers in regrouping and recovering operational capacity during this critical period,” Qualia CEO Nate Baker said in a post on the company’s website.

Qualia Core, which includes workflows, accounting, and reporting, is available to affected Cloudstar customers at no cost and with no ongoing commitments for three months, Vice President of Marketing Matt Kaufman told The Title Report.

“We've increased our onboarding capacity to help manage the surge and have already had several onboardings that are already opening orders,” Kaufman said July 19.

Today's other top stories
Realogy to rebrand as Anywhere Real Estate
First American’s venture capital arm named Parker89
North Carolina credit unions launch JV with Investors Title
Skyline Lien Search launches title search service
LandStar Title names VPs of sales


COMMENT BOX DISCLAIMER:
October Research is not responsible for the comments posted on its websites by readers. We will do our best to remove comments that include profanity or personal attacks or other inappropriate comments.
Comments:

Monday, August 2, 2021
Thank you for taking the time to interview me. I am happy to be of service to anyone who may have been impacted by the attack. Please feel free to reach out via the contact form on the https://www.silicontitle.com website. Thank you! Nicholas Chavez, CEO Silicon Title

Leave your comment
CAPTCHA Validation
CAPTCHA
Code:
: 
: 
Your Email is for reporting purposes only. It will NOT be displayed.
Popularity:
This article has been viewed 7958 times.

Tweets from @TheTitleReport/lists/around-the-industry
News by Topic   News by Edition   Special Reports   Webinars   Subscribe
Announcements
Conference Coverage
Cyberawareness
Industry News
Market Data
People on the Move
Technology
Trendsetters
The TRID Journey
 
April 11, 2022
April 25, 2022
May 9, 2022
May 23, 2022
Archives
 
Voice of the Title Agent Report
Mergers & Acquisitions
State of the Industry Report
Title Technology Report
Real Estate Compliance Outlook
Trendsetters
Archives
 
 
Modernizing Your Brand
Utilizing Tech for RESPA Compliance
Collaborating on eClosings
Economic Forecast Series
Industry and Regulatory Outlook
Archives
 
Newsletter Subscriptions
Free Email Updates
Try a Free Edition
  Resources   About   Store  
 
eClosing Solutions Showcase
Best Practices Provider Directory
Industry Partners
 
The Title Report
Contact / Editors
Social Media
Advertise
Are You An Expert?
Subscriber Agreement
 
NS3 The Summit
Other Newsletters
The Legal Description
RESPA News
Valuation Review
Dodd Frank Upate
 
                 
Copyright © 1999-2022 The Title Report
An October Research, LLC publication
3046 Brecksville Road, Suite D, Richfield, OH 44286
(330) 659-6101, All Rights Reserved
www.thetitlereport.com | Privacy Policy
VISIT OUR OTHER WEBSITES
> Valuation Review
> RESPA News
> The Legal Description
> Dodd Frank Update
> The October Store


Loading... Loading...
Featuring:
  • Delivery 3X a week plus breaking news as it happens
  • Comprehensive title insurance industry news
  • Recent acquisitions, mergers, real estate stats
  • Exclusive in-depth coverage of the industry's hottest stories
Featuring:
  • Delivery 2X a week plus breaking news as it happens
  • Comprehensive Dodd-Frank coverage
  • The latest information from the CFPB
  • Full coverage of Congressional hearings
  • Updates on all agency actions
  • Analysis of controversial provisions
  • Release of newest studies and reports
Sign up today and...
  • Be one of the first to know where NS3 is being held
  • Learn about NS3 speakers and sessions
  • Save on registration with Super-Early Bird rates
  • Discover the networking opportunities NS3 offers
  • Find out if CE credits will be offered for your area
  • And much more
Featuring:
  • Delivery 2X a week plus breaking news as it happens
  • Preview the latest RESPAnews.com Top Story
  • RESPA related headline news
  • Quote of the Week
Featuring:
  • Delivery 2X a week plus breaking news as it happens
  • Legal, regulatory and legislative information impacting the settlement services industry
  • News from HUD, Congress, state legislatures and other regulatory agencies
  • Follow the lobbying efforts of all the major national real estate services organizations.
Featuring:
  • Delivery 2X a week plus breaking news as it happens
  • The industry's only full-time newsroom
  • Relevant, up-to-date appraisal industry news
  • Covering the hottest stories and industry trends
NEWS BY TOPIC
NEWS BY EDITION
SPECIAL REPORTS
WEBINARS
RESOURCES
FREE EMAIL UPDATES
ABOUT
SUBSCRIBE
Announcements
Conference Coverage
Cyberawareness
Industry News
Market Data
People on the Move
Technology
Trendsetters
The TRID Journey
Sponsored Content
Nominate a Trendsetter
What is Trendsetters
Current Edition
April 25, 2022
April 11, 2022
March 28, 2022
Archives
Best Practices
2022 Voice of the Title Agent
Attorney State Perspectives
Mergers and Acquisitions
2022 State of the Industry
Sales & Marketing Tools
Trendsetters
Archives
Nominate a Trendsetter
What is Trendsetters?
Evolving Consumer Relationships
Understanding Cyber Insurance
Modernizing Your Brand
Tech for RESPA Compliance
Collaborating on eClosings
2022 Economic Forecast Series
Industry and Regulatory Outlook
Diversifying Your Office
Webinar Archives
Executive Interview Series
eClosing Solutions Showcase
Best Practices Provider Directory
Industry Partners
The Title Report
Contact Us
Social Media
Advertise
Are You An Expert?
Subscriber Agreement