The suspected ransomware attack against Fidelity National Financial comes amid a backdrop of heightened threat activity targeting the financial services industry.
Fidelity, one of the nation’s largest title insurance companies, shut down some of its systems last week after a suspected threat group gained access to the company’s systems and stole credentials.
Fidelity is assessing the near-term financial impact of the attack, however the incident comes just weeks after a suspected ransomware attack against the U.S. trading arm of the Industrial and Commercial Bank of China.
The impact was so serious that it disrupted trading in the U.S. Treasury market.
“This is not the first time this year that ransomware has disrupted financial sector operations,” Graham Steele, assistant secretary for financial institutions at the Treasury Department, said as part of a speech at the Federal Insurance Office and NYU Stern Volatility and Risk Institute Conference on Catastrophic Cyber Risk earlier this month.
Steele referenced a January ransomware attack on the trading firm Ion, which led to a multiday disruption in the cleared derivatives business.
Another recent incident hit the nation’s third-largest mortgage servicing firm. Mr. Cooper Group shut down multiple systems at the end of October after an outside hacker gained access to some of its computer systems.
Malicious cyber activity against financial institutions runs the risk of systemic damage for multiple reasons, according to a report by Moody’s.
These institutions handle trillions of dollars each day, they are highly interconnected and rely on a great deal of technology from third-party vendors, the investor's service said.
An October report from Trustwave showed how financial institutions — particularly in the U.S. — are highly vulnerable to malicious cyber activity.
Half of all financial services companies reporting a breach were in the U.S., followed by India at only 9%. Russia and Mexico tied for third place with 7% each, Trustwave found.
The continued threat of cyber disruption places enormous pressures on these businesses, according to Trustwave CISO Kory Daniels.
“In competitive industries like finance, the pressure to evolve and embrace technology as a business is continuously pressing on the cyber program to advance quickly, otherwise they risk having unplanned exposures for threat actors to capitalize on,” Daniels said via email.
The financial services sector has become a favored target of several high-profile threat groups, too.
About 40% of ransomware incidents against financial services companies were linked to Clop, Trustwave found. However other major threat groups, including LockBit, AlphV/BlackCat, Royal and Black Basta, have also targeted financial services companies.
In July, researchers from Checkmarx disclosed what may be the first known open source supply chain attacks against the financial services sector.
The attackers used fake LinkedIn profiles and created customized command and control centers, according to Checkmarx.
The uptick in threat activity comes as regulators have been cracking down on cybersecurity compliance in recent months at the state and federal level.
The Federal Trade Commission amended its Safeguard Rule in October to require nonbank financial institutions, including payday lenders, mortgage brokers and motor vehicle dealers to report any breach involving the data of more than 500 customers.
The breach must be reported no later than 30 days after the incident, the FTC said.
New York State’s Department of Financial Services is taking action, too, reaching a $1 million settlement with First American Title Insurance on Tuesday over allegations the company exposed hundreds of millions of non-public customer documents via an exploited vulnerability in the firm’s proprietary EaglePro software.
Earlier this month, the agency amended its existing cyber regulations to require significant enhancements to cyber governance and training. The state also required regulated companies to report ransomware payments.
In a November memo, the NY DFS specifically warned regulated entities to mitigate against the critical CitrixBleed vulnerability, warning about the threat of session hijacking that has been linked to multiple attacks in recent weeks.