Back to top
Join us on LinkedIn Follow us on Twitter Like us on Facebook Follow us on Instagram
 
  OCTOBER RESEARCH STORE SUBSCRIBE LOG IN
AddControlToContainer_DynamicNavigation1

Cloudstar attack brings new focus to security, vulnerabilities

Email A Friend Printer Friendly Version
1 comments
Cyberawareness, Industry News
Tuesday, July 20, 2021
Cloudstar still has no “definitive restoration timeline” for its cloud-hosting systems that were taken out by a ransomware attack on July 16. It also said “it is too early to speculate about what data may have been impacted” or information breached, according to a July 19 post on its website.

The company hired third-party forensics experts Tetra Defense to help in recovery efforts and contacted law enforcement. “Negotiations with the threat actor are ongoing,” the company posted.

Cloudstar operates six data centers in the U.S., serving more than 42,000 users, according to the American Land Title Association (ALTA). The attack on one of the industry’s main cloud-hosting providers left hundreds of title companies and lenders unable to conduct transactions or close loans, revealing how vulnerable the title space is to cybercriminal attacks.

“These criminals go where the money is,” Silicon Title founder and CEO Nicholas Chavez said in an interview with The Title Report. “One of the largest transactions that someone who lives in the United States will make is the purchase of a home, so that’s a fantastic target for cybercriminals.”

Chavez, who earned a master’s degree in cybersecurity from Brown University, said most of the time, those in the title industry are the victims of a “man in the middle” attack, where the criminal pretends in a spoofed email, often via a spoofed IP address or DNS server, that they are someone else (like the Realtor, mortgage broker, banker or title agent) and say that wiring instructions have changed, telling the buyer to wire their money to a fraudulent account.

Ransomware attacks involve holding a company’s information hostage until a ransom is paid, usually in cryptocurrency. The title industry is an attractive target, Chavez said, because they store massive amounts of personal data like Social Security numbers, banking information, and tax records digitally.

“Title companies, banks, and other financial services companies are primarily software companies and information brokers now,” he said.

It’s not known yet what type of ransomware attack Cloudstar experienced. Chavez said one type involves the criminals essentially locking the company out of its own servers and information until ransom is paid.

Another is far more sinister. “They basically say, ‘We’re going to encrypt files so that way you can’t back them up or access them, but if you don't do what we say in 72 hours, we’re going to expose the data someplace on the open internet,” he said.

If that were to happen in the Cloudstar case, the chain reaction would be far-reaching, Chavez said. An attack at the cloud-hosting provider could involve data from the title agency, the underwriter, banks, real estate offices, property and casualty insurance providers, and the buyer and seller. It would also affect several different states, all of which have different data privacy laws. California and New York have some of the strictest.

“Given the total number of clients that Cloudstar serves, and the extent of the U.S. population concentration in New York and California, it is very possible that we will see some cascading second- and third-order consequences if the attack results in a data breach,” Chavez said.

Prevention is the best defense against cyberattacks, said Bruce Phillips, senior vice president and chief information security officer at WEST, a WFG company. To protect themselves, title companies and agents need a comprehensive plan in place, he told The Title Report.

“This includes creating and implementing an Incidence Response Plan, as well as putting fail-safes in place to ensure that they have access to their data and systems on at least a limited basis during times of crisis,” he said. “These systems and data sources should be independent of the company’s main systems and data storage providers, as well as directly accessible. Data protection techniques such as data encryption should also be implemented.”

Sensitive data should be copied to an offline backup system outside of the title company’s other service providers and inaccessible through those providers, Phillips added.

“By implementing this safeguard, title companies can prevent cybercriminals from accessing their backup files during a ransomware breach and ensure that they have direct access to their own data following a breach,” he said.

“Before loading backup data into their operating systems, title companies need to confirm that their operating system has not been compromised or corrupted as well,” Phillips said. “As a fallback, they should also have a standalone copy of their operating system that they can load onto a desktop computer along with their backup data source, so nothing is entirely inaccessible or lost. This will enable them to continue working following an attack, albeit at a slower pace.”

Also, team members need to be trained to identify phishing attempts and other malicious tactics, Phillips said.

It’s also crucial that title agencies work with outside companies that have cybersecurity experts on their management teams, Chavez said.

“IBM reports the average cost of a data breach in the United States is $8.64 million. With this type of financial risk, it is absolutely imperative that a company have competent cybersecurity leadership in the form of a chief information security officer or at the very least someone who has been formally educated in cybersecurity with a seat at the board level, especially for financial services and insurance companies,” he said.

Offering help

Many title and technology companies have stepped up to offer their services to help those left without access to their title and escrow production systems.

Mid South Title tweeted that its office is unaffected by the Cloudstar attack and that it’s willing to assist title agents in Tennessee or Louisiana that may need help.

Generes & Associates, the only authorized Landtech reseller in the U.S., invited affected Landtech users who need temporary online facilities or processing help to complete transactions to contact them for assistance.

SoftPro, RamQuest and Qualia are also offering help to affected title companies.

“Qualia is offering Qualia Core at no cost, on a temporary basis, to assist Cloudstar customers in regrouping and recovering operational capacity during this critical period,” Qualia CEO Nate Baker said in a post on the company’s website.

Qualia Core, which includes workflows, accounting, and reporting, is available to affected Cloudstar customers at no cost and with no ongoing commitments for three months, Vice President of Marketing Matt Kaufman told The Title Report.

“We've increased our onboarding capacity to help manage the surge and have already had several onboardings that are already opening orders,” Kaufman said July 19.

Today's other top stories
Real Title continues expansion
Data privacy experts discuss safety concerns, industry future
WFG mourns passing of regional manager
Landmark Title appoints Arizona unit manager
Brokerage Engine, Payload partner on payment automation


COMMENT BOX DISCLAIMER:
October Research is not responsible for the comments posted on its websites by readers. We will do our best to remove comments that include profanity or personal attacks or other inappropriate comments.
Comments:

Monday, August 2, 2021
Thank you for taking the time to interview me. I am happy to be of service to anyone who may have been impacted by the attack. Please feel free to reach out via the contact form on the https://www.silicontitle.com website. Thank you! Nicholas Chavez, CEO Silicon Title

Leave your comment
CAPTCHA Validation
CAPTCHA
Code:
: 
: 
Your Email is for reporting purposes only. It will NOT be displayed.
Popularity:
This article has been viewed 8686 times.

Tweets from @TheTitleReport/lists/around-the-industry
News by Topic   News by Edition   Special Reports   Events   Subscribe
Announcements
Conference Coverage
Cyberawareness
Industry News
Market Data
People on the Move
Technology
Trendsetters
The TRID Journey
 
April 10, 2023
April 24, 2023
May 8, 2023
May 22, 2023
Archives
 
2023 Voice of the Title Agent Report
2023 State of the Industry Report
eClosing Security
Title Technology Report
Real Estate Compliance Outlook
Trendsetters
Archives
 
 
National Settlement Services Summit (NS3)
Women's Leadership Summit (WLS)
Webinars
 
Newsletter Subscriptions
Free Email Updates
Try a Free Edition
  Resources   About   Other Publications  
 
eClosing Solutions Showcase
Best Practices Provider Directory
Industry Partners
 
The Title Report
Contact / Editors
Social Media
Advertise
Are You An Expert?
Subscriber Agreement
 
The Legal Description
RESPA News
Valuation Review
Dodd Frank Upate
 
                 
Copyright © 1999-2023 The Title Report
An October Research, LLC publication
3046 Brecksville Road, Suite D, Richfield, OH 44286
(330) 659-6101, All Rights Reserved
www.thetitlereport.com | Privacy Policy
VISIT OUR OTHER WEBSITES
> Valuation Review
> RESPA News
> The Legal Description
> Dodd Frank Update
> The October Store


Loading... Loading...
Featuring:
  • Delivery 3X a week plus breaking news as it happens
  • Comprehensive title insurance industry news
  • Recent acquisitions, mergers, real estate stats
  • Exclusive in-depth coverage of the industry's hottest stories
Featuring:
  • Delivery 2X a week plus breaking news as it happens
  • Comprehensive Dodd-Frank coverage
  • The latest information from the CFPB
  • Full coverage of Congressional hearings
  • Updates on all agency actions
  • Analysis of controversial provisions
  • Release of newest studies and reports
Sign up today and...
  • Be one of the first to know where NS3 is being held
  • Learn about NS3 speakers and sessions
  • Save on registration with Super-Early Bird rates
  • Discover the networking opportunities NS3 offers
  • Find out if CE credits will be offered for your area
  • And much more
Featuring:
  • Delivery 2X a week plus breaking news as it happens
  • Preview the latest RESPAnews.com Top Story
  • RESPA related headline news
  • Quote of the Week
Featuring:
  • Delivery 2X a week plus breaking news as it happens
  • Legal, regulatory and legislative information impacting the settlement services industry
  • News from HUD, Congress, state legislatures and other regulatory agencies
  • Follow the lobbying efforts of all the major national real estate services organizations.
Featuring:
  • Delivery 2X a week plus breaking news as it happens
  • The industry's only full-time newsroom
  • Relevant, up-to-date appraisal industry news
  • Covering the hottest stories and industry trends
NEWS BY TOPIC
NEWS BY EDITION
SPECIAL REPORTS
EVENTS
RESOURCES
FREE EMAIL UPDATES
ABOUT
SUBSCRIBE
Announcements
Conference Coverage
Cyberawareness
Industry News
Market Data
People on the Move
Technology
Trendsetters
The TRID Journey
Sponsored Content
Nominate a Trendsetter
What is Trendsetters
Current Edition
May 8, 2023
April 24, 2023
April 10, 2023
Archives
2023 Voice of the Title Agent
2023 State of the Industry
eClosing Security
2022 Title Technology Report
Real Estate Compliance Outlook
Best Practices
Attorney State Perspectives
Trendsetters
Archives
Nominate a Trendsetter
What is Trendsetters?
National Settlement
Services Summit (NS3)
Women's Leadership
Summit (WLS)
Webinars
Drive Revenue with eClosings
2023 Economic Forecast Series
Evolving Lender and Title
Relationships
CFPB Unconstitutionally funded?
Manufactured Housing
Evolving Realtor Relationships
CFPB Update
Webinar Archives
Executive Interview Series
eClosing Solutions Showcase
Best Practices Provider Directory
Industry Partners
The Title Report
Contact Us
Social Media
Advertise
Are You An Expert?
Subscriber Agreement