Two recent ransomware attacks on real estate companies may exemplify recent claims from cybersecurity experts that hackers are increasingly targeting medium-sized and smaller companies as larger entities tighten their online security.
In January of this year, cybersecurity staff from BoostIT and workers at a real estate firm in Atlanta, Georgia, reportedly had to work 14-hour days trying to repel a ransomware cyberattack emanating from China:
“Even with recent backups available, checking each system individually, completing the restores and testing to determine which backups weren’t compromised, we watched in real-time as Chinese cyber criminals attempted to log in to their servers (we blocked some 7,000 attempts per hour at the height of it). It took people on our team in excess of 100 hours of work that week. It was 14+ hour days and extremely stressful. Brent Tibbetts went above and beyond showing up early and staying late.”
As soon as the attack was detected, “everyone power(ed) off their workstations. Once ransomware compromises one machine it immediately spreads to the rest of the network…”
Next, servers had to be checked one-by-one and ransomware samples collected for analysis.
Engineers then realized that “(the ransomware) strain (employed in the attack) is extremely problematic,” and that it had passed through the company’s “Cisco Meraki Firewall with Advanced Security License, the email security filtering, Microsoft Office 365 mail scans, and…their anti-virus protection.”
In fact, says BoostIT, only 1 in 67 anti-virus engines could detect the “…incredibly nasty…Dharma -Adobe variant of Ransomware” used in the hack on the Atlanta real estate firm.
All told, the team spent a full week of 12-14 hour days recovering, and the company lost about 1-2 days of data and had a single day of “complete downtime.”
Last weekend, a real estate firm in the Indian city of Kanpur was compromised by a ransomware attack, The Times of India reports.
In that attack, hackers encrypted files containing “key documents” and then demanded a ransom of bitcoins for their release.
A police officer familiar with the case told The Times of India:
“The employees were surfing the Internet when they came across a message on company’s email. The message read, ‘we have to inform you that all your files were encrypted…’ Since then, all the company’s files have been encrypted and the employees could not access them. The hacker, who took control over company’s e-mails, demanded to deposit Bitcoin to release data. If the company doesn’t pay the amount, they will not release the files.”
In February of last year, news outlet Bisnow published sponsored content from consultancy Baker Tilly advising real estate enterprises to escalate their cybersecurity levels as the sector becomes an increasingly attractive prospect to cybercriminals.
According to Baker Tilly Cybersecurity and IT Risk Senior Manager Mike Cullen:
“Historically, real estate companies were at lower risk because they maintained less personal information and intellectual property than financial or healthcare businesses. More recently, attackers have been drawn to the select pool of wealthy investors real estate ventures attract.”
Not only are ransomware and other malware becoming more and more available on the Dark Net, but, according to Bisnow, Dark Net markets for real estate-related data are growing:
“Data like personal information, blueprints and schematics, access to building technology systems and financial information can be sold or used to gain a competitive advantage. Money can be skimmed from tenant and vendor accounts or credit cards and extorted directly thanks to ransomware…”
There are also markets for the data that will be increasingly collected as more and more “smart-home” devices and systems connect to the Internet:
“More than directly sabotage the systems themselves, hackers can pull personal data from ‘smart’ or intelligent building infrastructure. In November 2013, hackers infiltrated Target Corp.’s HVAC contractor’s systems to steal the payment card records and other personal information of nearly 110 million customers. The company reported a gross financial loss of $252M by the end of Q4 2014 as a result of the cyberattack.”
While an attack may still occur despite precautions, much can be done in advance to offset the impact of a cyberattack on a real estate, construction or real estate-management firm, says Cullen:
“It is impossible to prevent 100% of every attack…Your security program needs to include how you react to an incident so that you can respond in a timely and thoughtful way instead of a fire drill, figure-it-out-as-you-go strategy.”