UK Cyberattack Highlights Threat to Real Estate Industry

Last week, on the heels of a cyber attack on CTS, an IT provider to UK law firms, the UK's National Cyber Security Centre and The Law Society of England and Wales issued the legal community advisories emphasizing the need to harden IT networks against cyber attacks. The CTS attack prevented solicitors from finalizing real estate transactions, stalling deals throughout the industry and leaving home buyers and sellers in limbo. 

I have seen this crime evolve over time. A decade ago, at my direction, the FBI Internet Crime Complaint Center issued an alert to the real estate industry warning of foreign ‘investors’ who contacted realtors offering to pay cash for properties.  In this scam, the ‘investor’ backs out of the deal before the deposit wire clears and defrauds the closing attorneys who return the ‘escrowed funds’ via wire transfer.  Since then, the schemes have gotten more complex, but the focus remains the same:  infiltrate the IT environment of a party involved in real estate transactions and monetize the sensitive financial and personal information found there.  In my example, individual attorneys were targeted. In the UK case, some 80 law firms fell victim to a single attack.  This underlines how cyber tools allow threat actors to expand their reach.   

Whether at Nardello & Co. or in my former life as an FBI agent, the telephone call is always the same:  a victim - a banker, lawyer, or homeowner - claims his network was hacked just prior to the closing of real estate transaction.  My reaction is always the same:  while it is probable that one party to the transaction was hacked, it may not have been you. Then as now, my preference is to get the call before the incident and to work with those in the real estate and legal communities to harden their systems, assess counterparty cybersecurity, and educate their employees as to how to avoid becoming victims in the first place.