WFG News

Cloudstar attack puts focus on security, vulnerabilities

By July 23, 2021 One Comment

Bruce Phillips, SVP and Chief Information Security Officer for WEST, a WFG company, stresses that prevention is the best defense against cyberattacks.

On July 20, The Title Report provided the latest news on the Cloudstar ransomware attack, insisting that it clearly reveals dangerous vulnerabilities within financial industries and the urgent need to beef up cybersecurity.

The previous day, Cloudstar had posted on its website that it “still has no ‘definitive restoration timeline’ for its cloud-hosting systems, which were taken out by the ransomware attack on July 16.” It went on to state, “It is too early to speculate about what data may have been impacted.”

It is now working with law enforcement and Tetra Defense, a forensics company, on recovery efforts and is in “negotiations with the threat actor.”

Bruce Phillips, SVP and Chief Information Security Officer at WEST, a WFG company, said that the best defense against cyberattacks is prevention, and that title companies and agents need a comprehensive plan in place.

“This includes creating and implementing an Incidence Response Plan,” Phillips said, “as well as putting fail-safes in place to ensure that they have access to their data and systems on at least a limited basis during times of crisis. These systems and data sources should be independent of the company’s main systems and data storage providers, as well as directly accessible. Data protection techniques such as data encryption should also be implemented.”

He clarified that sensitive data should be copied to an offline backup system outside of the title company’s other service providers, and inaccessible through those providers.

“By implementing this safeguard, title companies can prevent cybercriminals from accessing their backup files during a ransomware breach and ensure that they have direct access to their own data following a breach,” he said.

“Before loading backup data into their operating systems,” he continued, “title companies need to confirm that their operating system has not been compromised or corrupted. As a fallback, they should also have a standalone copy of their operating system that they can load onto a desktop computer along with their backup data source, so nothing is entirely inaccessible or lost. This will enable them to continue working following an attack, albeit at a slower pace.”

Also, team members need to be trained to identify phishing attempts and other malicious tactics, he added.

ALTA describes Cloudstar as “one of the industry’s main cloud-hosting providers” and its six U.S. data centers serve more than 42,000 users. Hundreds of title companies and lenders were among those left “unable to conduct transactions or close loans.”