Cyber Threats: Scams, Disruptions, and Investigation 2023-11-27


Weekly CyberTip: Avoid Black Friday/Cyber Monday delivery scams

Many of us will be expecting package deliveries over the next few days as our Black Friday and Cyber Monday purchases are delivered. Don’t let the hackers take advantage of you! Especially over the next week or two, be on the alert for texts, calls, or emails about missed deliveries or account problems. These are classic methods scammers use. Keep close track of what you (and others in your residence) have ordered to understand what is expected, and when. If you do receive a suspicious text or email, do not click on links, but go to the e-commerce site or delivery carrier’s portal directly, and use the retailer’s tracking tools. Reputable firms will never ask you for a password over the phone or via an electronic message – consider those kinds of requests as a definite red flag of a scam. As always, check the actual sender email address for communications – a spoofed address will certainly suggest that you’re looking at a fake message. 

Cyber attack on conveyancing firms disrupts house sales and purchases across the UK

CTS, a UK-based service provider to the legal sector, has confirmed that a cyber attack has caused disruptions to their services. The ripple effect from the outage has affected at least 80 law firms involved in real estate conveyancing, which in turn has disrupted the purchase and sale of some homes across the UK. Some estimates suggest the number of law firms affected could reach as many as 200. 

 

According to a statement posted on their website on November 24, while CTS is “confident that we will be able to restore services, we are unable to give a precise timeline for full restoration. We will continue to communicate directly with those of our clients which are impacted by the service outage, providing regular updates on the status of our work to restore services and our investigations into the incident.” No information has been disclosed as to the nature of the attack, or whether personal information has been compromised in the attack. 

 

The incident provides another example of the importance of third-party security in today’s inter-connected world.  

FNF discloses cyber incident

Multi-billion title insurance and real estate/mortgage settlement provider Fidelity National Financial (FNF) has disclosed a significant cyber incident in an 8-K filing with the U.S. Securities and Exchange Commission (SEC). The 8-K form – a report that companies must file with the SEC to disclose major events of interest or concern to shareholders – indicated that FNF “recently became aware of a cybersecurity incident that impacted certain FNF systems [and] implemented certain measures to assess and contain the incident. Among other containment measures, we blocked access to certain of our systems, which resulted in disruptions to our business. For example, the services we provide related to title insurance, escrow and other title-related services, mortgage transaction services, and technology to the real estate and mortgage industries, have been affected by these measures”.

 

The 8-K form was made public on November 21. A day later, the ransomware gang ALPHV (a.k.a. BlackCat) claimed responsibility for the incident on their dark web portal. “Before disclosing whether or whether we have [not] collected any data, we will allow FNF further time to get in touch,” the hackers warned. “[We] wouldn’t want to disclose every card at this early stage.” 

 

However, the 8-K form appears to confirm that data was disclosed in the incident: “Based on our investigation to date, FNF has determined that an unauthorized third party accessed certain FNF systems and acquired certain credentials.”  While FNF’s U.S. website is silent on the incident (and their Canada subsidiary website has not had news updates since 2020), FNF shut down many of their online services in the wake of the incident. 

 

Meanwhile, the investigation into the incident continues. “FNF will continue to assess the impact of the incident and whether the incident may have a material impact on the company. We are working diligently to address the incident and to restore normal operations as quickly and safely as possible.” 

OPC to launch investigation into cyber incident affecting public servants, RCMP, and CAF

In the wake of an announcement by the Treasury Board of Canada Secretariat that up to 24 years of data may have been disclosed in a recent third-party cyber attack, the Office of the Privacy Commissioner of Canada (OPC) issued a statement saying that they will be launching an investigation into the matter. 

 

In a November 23 press release, federal Privacy Commissioner Philippe Dufresne announced that “Given the broad scope and potentially sensitive nature of the compromised personal information, I have determined that this breach must be investigated so that we can understand why this happened and what must be done to remedy the situation and prevent such things from happening again.” 

 

The OPC will be looking into two companies – Brookfield Global Relocation Services (BGRS) and Sirva Canada LP – that are contracted by the government to provide relocation services. Public Services and Procurement Canada and the Treasury Board of Canada Secretariat (TBS) will also be examined under the Privacy Act, according to the release.

 

In the TBS’ November 17 update, the potential scope of the cyber incident was laid out: “… given the significant volume of data being assessed, we cannot yet identify specific individuals impacted; however, preliminary information indicates that breached information could belong to anyone who has used relocation services as early as 1999 and may include any personal and financial information that employees provided to the companies.” Current and former public sector employees, RCMP personnel, and Canadian Armed Forces personnel are all at potential risk. 

  
