What happens in a cyber attack? Experts discuss incident response

Img

Over the past few months, cybercriminals have been attacking mortgage players at an alarming rate.

Major companies like Loandepot and Mr. Cooper are reeling financially from recent incidents, while businesses continue battle lawsuits from affected customers. Some of those complaints have revealed more color about the hacks and the companies' respective responses, details which aren't typically disclosed.

One major cyberattack began when an employee clicked on a search result about road maintenance agreements in Florida, according to court filings. Another sizable breach began when a threat actor exploited the credentials of a bank's contractor, which eventually led to a previously undisclosed bitcoin ransom payment. 

Attacks may appear more frequent because of new notification requirements, but experts say the pain isn't felt only by the largest lenders and servicers. 

"We're really seeing two kinds of parallel crises," said Jordan Bingham, founder and CEO of Utah-based cybersecurity firm LendSafe. "The larger companies are freaking out about ransomware and at the same time, the smaller shops are undergoing quite a bunch of pressure from attackers."

To understand what happens during a cyberattack, National Mortgage News spoke to cybersecurity veterans who described the typical timeline of an incident. Lenders, servicers and technology vendors may follow similar game plans.