US Housing Market Hit by Threat Actors

Written by Dom Kirby

Former MSP Owner, CyberSec Practitioner, Modern Work Pro, Evangelist, Husband & Father

November 28, 2023

Two recent incidents have caught my attention, and they’re impacting the housing market in a real way at this stage. Mr. Cooper is a loan servicer that claims to have over 4.3 million customers. They experienced an attack around Halloween. And, more recently, AlphV/Black Cat claimed the ransomware attack against Fidelity National Financial (FNF), allegedly the nation’s largest title insurance company. Notably for Fidelity, Kevin Baumont reported that they were exposed to CitrixBleed (CVE-2023-4966). But, I’m not going to get into those specifics too far (The Record did a great job of that). Let’s talk about this perfect illustration of real-world impact.

Mortgages Not Getting Paid

The impact of the Mr. Cooper incident seems to primarily revolve around mortgage payment. That is, because they had to pull systems down, many cannot pay their mortgage online like they’re used to doing. In case you need a quick economic refresher, mortgages end up in mortgage-backed securities. That is to say, the debt on your home is traded in a packaged security that investors can invest in, and your interest is what they make money on. Obviously, an incident of this scale (4.3 million mortgages allegedly) comes with some macroeconomic concern. Economic collapse? Probably not. But still, the impact is palpable. Not to mention the fact that millions of homeowners are likely worries about the security of their mortgage and personal data.

Real Estate Transactions Not Closing

In my opinion, the FNF incident is even more concerning. Title insurance is a critical part of the home closing process. Without it, the transaction cannot finish. FNF being the ‘largest’ provider there is, you can imagine the impact is real. According to Real Estate News, this impact has been realized. They spoke with a broker in California:

“I got a call from the escrow company, Chicago Title,” she said. “They told me there was a security breach and because of that they have to shut down the whole system, all over the country,” she said. “The closing system is down at least until Sunday. They can’t send any wires, can’t release for recording.” (from Real Estate News)

Of note: Chicago Title is a subsidiary of FNF. In the complex world of real estate transactions, this is really bad news. It means that, if you were planning to close on your new home (or the sale of your home), you simply cannot. In the case reported here, the lending bank had already funded the loan:

“So my buyers are paying a mortgage already on a home they don’t own.” (from Real Estate News)

The Real World Impact

I’m not writing this to deep dive an incident, so much as to share this illustration of real-world impact. Real estate transactions are very time sensitive, and navigating these types of issues can’t be easy. Imagine if a cyber-attack stopped securities trading. What would the impact of that be? How about when hospitals have to divert patients? What if, as a small business owner, you can’t deliver on promises made to your customers? What’s the impact of that?

This is why we constantly advocate for better cyber hygiene and posture. It’s why we won’t shut up about frameworks and the bell-curve. It’s why we talk about the cybersecurity poverty line. It’s why I think organizations like school districts need to be better funded for cybersecurity. We must raise the tide, because the stakes are cooling off. They’re just getting started.

You May Also Like…

Data Loss Prevention for Any SMB

Data Loss Prevention for Any SMB

It's time for a new guide for MSPs! The Safeguards within CIS Control 3 speak to the need for proper Data Protection....

CISA’s Secure by Design Pledge

CISA’s Secure by Design Pledge

In some very exciting news today, CISA announced their Secure by Design Pledge. The Secure by Design Pledge is a...