6/10/2025
Cybersecurity in the Escrow Industry: Protect your Business from Digital Threats
Presented by: Genady Vishnevetsky, CISSP, CISM, CRISC

© 2025 Stewart Title Guaranty Company. All rights reserved. Not to be distributed or copied without express permission.

2025 Verizon DBIR – Key Trends

- System Intrusion: This pattern dominated breaches, largely driven by ransomware and espionage activities.
- Social Engineering: Phishing and pretexting remain prevalent, with new techniques like prompt bombing emerging.
- Exploitation of Vulnerabilities: There was a significant increase in breaches due to exploited vulnerabilities, especially in edge devices.

2025 Verizon DBIR – Threat Actors and Data Compromised

- External Actors: Predominantly organized crime groups and state-affiliated actors.
- Internal Actors: Errors and privilege misuse by insiders continue to be significant.
- Data Types: Personal, internal, and sensitive personal data were frequently compromised.

2025 Verizon DBIR – Emerging Threats

- Generative AI: Increased use of AI by threat actors for phishing and influence operations.
- Infostealers: Malware designed to steal credentials and other sensitive information is prevalent.
- Supply Chain Attacks: Vulnerabilities in third-party software and services continue to pose significant risks.

2025 Verizon DBIR – Takeaways

- Patch Management: Timely patching of vulnerabilities is crucial to prevent exploitation.
- Multi-Factor Authentication (MFA): Implementing MFA can significantly reduce the risk of credential abuse.
- Security Awareness Training: Continuous training for employees to recognize and report phishing and other social engineering attacks.

Ransomware Dynamics are Changing

- The ransomware ecosystem is fractured and uncertain, and the Ransomware-as-a-Service (RaaS) model is tarnished by infighting, deception, and compromised anonymity.
- The landscape is dominated by unaffiliated lone operator extortionists, new ransomware brands, and a few surviving traditional ransomware groups. Notable groups like Black Basta and Hunters International are closing or facing challenges.
- The state of ransomware in 2025 is marked by complications such as poorly written encryption code, sanctions concerns, OPSEC concerns, and disruption of critical resources, making it unlikely for ransomware groups to maintain longevity and consistent profits.
- The most common tactics, techniques, and procedures (TTPs) used by threat actors in Q1 2025 include Exfiltration (71% of cases), Lateral Movement (67% of cases), and Defense Evasion (60% of cases).
- Ransomware attacks in Q1 2025 disproportionately affected small and mid-sized organizations, with the median size of a victimized organization being 228 employees, and primarily targeted industries such as healthcare, professional services, and the public sector.

Source: Coveware Q1 Ransomware Report

Current Trends

Wire Fraud

Objective: Exploiting email communication between title companies, lenders, and clients to intercept or alter wire transfer instructions.
Tactic:
- Compromising legitimate business email accounts through phishing or credential theft.
- Creating lookalike domains to impersonate trusted parties.
- Intercepting transaction details during real estate closing to redirect funds to attacker-controlled accounts.

Advanced Phishing and Social Engineering

Objective: Crafting highly personalized phishing emails using AI to gain access to sensitive information.
Tactic:
- AI-driven language models generate contextually relevant emails that mimic real estate professionals or internal staff.
- Using urgency tactics (e.g., last-minute closing changes) to trick victims into bypassing security protocols.
- Leveraging compromised email accounts to further propagate attacks.

Ransomware with Exfiltration

Objective: Disrupting operations by encrypting critical data and threatening to leak sensitive information if ransom demands aren’t met.
Tactic:
- Exploiting unpatched vulnerabilities in systems used for document management and escrow management.
- Targeting third-party vendors with weaker security controls as an entry point (supply chain attacks).
- Stealing sensitive client data (property records, personal identification details) before initiating encryption.

Supply Chain Attacks

Objective: Compromising third-party service providers used by title companies (e.g., software vendors, cloud providers).
Tactic:
- Inserting malicious code or backdoors within software updates (e.g., document processing platforms or payment systems).
- Exploiting weak authentication mechanisms within third-party

Credential Stuffing and Brute Force Attacks

Objective: Leveraging compromised credentials obtained from data breaches to access internal systems.
Tactic:
- Using automated tools to test stolen username/password combinations against corporate applications (especially cloud-based platforms used for title processing).
- Exploiting weak multi-factor authentication (MFA) implementations or legacy systems lacking strong authentication controls.

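Credential stuffing leaves a recognizable trace in authentication logs: one source failing against many different accounts in a short time, unlike a single user mistyping a password. The following is an added detection example, not material from the presentation; the log format, thresholds and every log line are constructed assumptions.

```python
# Added example: spot credential stuffing in authentication logs.
# The log format and every line in SAMPLE_LOG are constructed.
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2025-06-10T09:00:01 LOGIN_FAIL user=asmith ip=203.0.113.7
2025-06-10T09:00:03 LOGIN_FAIL user=bjones ip=203.0.113.7
2025-06-10T09:00:04 LOGIN_FAIL user=fkim ip=198.51.100.20
2025-06-10T09:00:06 LOGIN_FAIL user=cdavis ip=203.0.113.7
2025-06-10T09:00:09 LOGIN_FAIL user=dlee ip=203.0.113.7
2025-06-10T09:00:12 LOGIN_OK user=elopez ip=203.0.113.7
2025-06-10T09:00:30 LOGIN_FAIL user=fkim ip=198.51.100.20
2025-06-10T09:01:10 LOGIN_OK user=fkim ip=198.51.100.20
"""

def parse(log):
    """Yield (timestamp, event, user, ip) for each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, event, user, ip = line.split()
            yield (datetime.fromisoformat(ts), event,
                   user.split("=", 1)[1], ip.split("=", 1)[1])

def stuffing_sources(log, window=timedelta(minutes=5), min_users=4):
    """Return {ip: accounts} for IPs failing on >= min_users accounts in one window."""
    fails = defaultdict(list)
    for ts, event, user, ip in parse(log):
        if event == "LOGIN_FAIL":
            fails[ip].append((ts, user))
    flagged = {}
    for ip, events in fails.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:  # slide the window forward
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_users:
                flagged[ip] = max(flagged.get(ip, 0), len(users))
    return flagged

def accounts_to_reset(log, flagged):
    """Accounts with a successful login from a flagged source."""
    return sorted({user for _, event, user, ip in parse(log)
                   if event == "LOGIN_OK" and ip in flagged})
```

In the sample, the source that failed on four accounts and then succeeded on a fifth is flagged, while the user who mistyped a password twice is not.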
Deepfake Fraud

Objective: Utilizing deepfake audio or video to impersonate executives or clients involved in property transactions.
Tactic:
- Generating realistic audio or video messages instructing staff to approve wire transfers or disclose sensitive information.
- Exploiting high-stakes scenarios such as property closings to pressure employees into complying without verification.

Insider Threats

Objective: Employees (malicious or negligent) causing data breaches or facilitating unauthorized transactions.
Tactic:
- Misconfigurations leading to exposure of sensitive documents (e.g., mismanaged cloud storage permissions).
- Malicious insiders exfiltrating client data for personal gain or due to coercion.

Mitigation Strategies

- Strengthen authentication controls: Employ strong MFA across systems, monitor for credential reuse, and enforce strict password policies.
- Regularly patch and update systems: Address vulnerabilities promptly, especially in third-party software.
- Supplier risk management: Conduct thorough security assessments of vendors and ensure contractual security obligations.
- Data encryption and backups: Maintain encrypted backups to mitigate ransomware impacts and safeguard sensitive data.
- Integrate incident response plans: Practice simulated breach scenarios, including ransomware and wire fraud, to bolster readiness.

Wire Fraud

Mitigation Strategies:
- Email Authentication Protocols: Enforce SPF, DKIM, and DMARC to reduce spoofing.
- Wire Transfer Verification: Any changes to payment instructions require dual authorization and out-of-band verification (e.g., phone calls to verified numbers).
- Behavioral AI for Email Security: Deploy tools that detect anomalies in communication patterns (e.g., Microsoft Defender for Office 365, Abnormal Security).
- Right around the corner: ID Verification

AI-Driven Phishing & Social Engineering

Mitigation Strategies:
- Security Awareness Training: Conduct regular phishing simulations and targeted training for escrow officers, agents, and closing staff.
- Natural Language Processing (NLP) Tools: Use email filters that recognize AI-generated language patterns.
- Pretext Verification: Always confirm identity via multiple channels before divulging sensitive information or acting on urgent requests.

Ransomware

Mitigation Strategies:
- Immutable Backups: Maintain offline or WORM (Write Once Read Many) backups with automated versioning.
- Endpoint Detection and Response (EDR): Deploy solutions like SentinelOne, CrowdStrike, or Microsoft Defender to detect lateral movement and block encryption attempts.
- Network Segmentation: Isolate critical systems like escrow databases and title search systems from general-purpose endpoints.

Supply Chain Attacks

Mitigation Strategies:
- Vendor Security Assessments: Require SOC 2 reports, penetration test results, and cybersecurity insurance from third-party vendors.
- Software Bill of Materials (SBOM): Demand transparency on software components used by vendors, especially those in cloud-based title processing systems.
- Least Privilege Access: Apply strict identity and access controls (e.g., Zero Trust principles) to third-party integrations.

Deepfakes & Synthetic Identity Fraud

Mitigation Strategies:
- Voice and Video Authentication: Use known secure channels (e.g., verified Zoom rooms or internal phone extensions) for sensitive discussions.
- Multi-Factor Authentication with Biometric Verification: For high-value closings, consider biometric identity verification platforms (e.g., Jumio, ID.me).
- IDV is the next frontier: Consider implementing an ID Verification solution.
- Staff Training on Deepfake Awareness: Teach red-flag behaviors: odd phrasing, unnatural blinking/speech, or unexpected urgency.

Insider Threats

Mitigation Strategies:
- User and Entity Behavior Analytics (UEBA): Tools like Splunk, Exabeam, or Microsoft Sentinel can detect anomalous employee actions.
- Role-Based Access Control (RBAC): Ensure users can access only the systems and data necessary for their role.
- Data Loss Prevention (DLP): Monitor and restrict copying or uploading sensitive files (e.g., customer identity or escrow info). Microsoft 365 offers multiple levels of DLP.
- Monitor unapproved channels: Cloud Access Security Brokers can help monitor connections to unsanctioned cloud solutions and data transfer.

InfoStealer

Mitigation Strategies:
- Browser Password Manager: Ideally, turn it off. Prevent users from logging in to the browser account.
- Embrace password managers: Ensure users can access only the systems and data necessary for their role. Make it a benefit.
- Use EDR on the endpoint: Antivirus is inadequate. Upgrade to the next-gen solution.
- Passwordless is the answer and the future: Encourage use where available.

Parting Words

- Incident Response Playbooks: Prepare playbooks for scenarios such as wire fraud, ransomware, and insider data theft. Test them via tabletop exercises.
- Cyber Insurance Review: Confirm your coverage includes ransomware, data breaches, and social engineering fraud tailored to escrow/title transactions.

© 2020 Stewart Title Guaranty Company. All rights reserved. Not to be distributed or copied without express permission.
Thank you
Follow me on ALTA Community - https://community.alta.org/