Brother
Professional
- Messages
- 2,590
- Reaction score
- 526
- Points
- 113
Hackers broke into one of the largest insurers FNF, which led to chaos in the market.
The American insurance company Fidelity National Financial (FNF), which is included in the Fortune 500 list, confirmed the fact of a cyber attack. In a statement to the SEC (Securities and Exchange Commission) on November 19, the company announced the need to disable a number of systems, which led to violations in various business areas, including real estate insurance, escrow services and other services related to real estate transactions and mortgages.
FNF, with revenues exceeding $11 billion in 2022, is one of the largest real estate and mortgage insurers in the United States. The company admitted that the attackers gained access to certain FNF systems and obtained credentials. However, the full consequences of the incident for business have not yet been disclosed.
The ALPHV/BlackCat group claimed responsibility for the attack on November 22, but details of the attack have not yet been disclosed. The BlackCat group published a message in which it criticized Mandiant's incident response specialists for their inaction regarding the attack. The group also announced that it will give FNF additional time to communicate with the ransomware before disclosing more information about the nature of the attack.
FNF continues to assess the impact of the incident and is working to restore normal operation of the systems. The difficulties of FNF have already affected a number of companies and home buyers in the United States who are unable to close deals. Some brokers suggest that closing trades will be possible only after the systems are restored, possibly not earlier than November 26.
Experts suggest that penetration into FNF systems could have occurred through a vulnerability in Citrix Netscaler devices known as CitrixBleed (CVE-2023-4966), which was actively exploited by various groups, including LockBit. Even after the patch was released, more than 5,000 organizations are still affected by this vulnerability. Exploiting CitrixBleed allows attackers to gain access to user sessions and bypass authentication.
The American insurance company Fidelity National Financial (FNF), which is included in the Fortune 500 list, confirmed the fact of a cyber attack. In a statement to the SEC (Securities and Exchange Commission) on November 19, the company announced the need to disable a number of systems, which led to violations in various business areas, including real estate insurance, escrow services and other services related to real estate transactions and mortgages.
FNF, with revenues exceeding $11 billion in 2022, is one of the largest real estate and mortgage insurers in the United States. The company admitted that the attackers gained access to certain FNF systems and obtained credentials. However, the full consequences of the incident for business have not yet been disclosed.
The ALPHV/BlackCat group claimed responsibility for the attack on November 22, but details of the attack have not yet been disclosed. The BlackCat group published a message in which it criticized Mandiant's incident response specialists for their inaction regarding the attack. The group also announced that it will give FNF additional time to communicate with the ransomware before disclosing more information about the nature of the attack.
FNF continues to assess the impact of the incident and is working to restore normal operation of the systems. The difficulties of FNF have already affected a number of companies and home buyers in the United States who are unable to close deals. Some brokers suggest that closing trades will be possible only after the systems are restored, possibly not earlier than November 26.
Experts suggest that penetration into FNF systems could have occurred through a vulnerability in Citrix Netscaler devices known as CitrixBleed (CVE-2023-4966), which was actively exploited by various groups, including LockBit. Even after the patch was released, more than 5,000 organizations are still affected by this vulnerability. Exploiting CitrixBleed allows attackers to gain access to user sessions and bypass authentication.
