The local real estate industry has been severely hampered by a breach, that caused the Suffolk County government servers to shut down for more than 20 days.
Since September 8, the cyberattack has prevented access to
county websites, servers, and databases, making it impossible to check property
titles or submit records. Consequently, obstructing most of the transactions
from going through.
According to Sheri Winter Parker, a Corcoran broker, confusion
over the situation and when it might end means “my phone is ringing with
nonstop texts and emails.”
According to The Suffolk Times, hacking group BlackCat claims
credit for the Suffolk cyberattacks and demands a ransom payment in order to
restore access to government servers. The BlackCat threat actors state that
they have access to around four terabytes of data including individual
residents, while much of the data is from the clerk.county.suf domain.
Although County officials have resorted to restoring some
records in person, online databases remain inaccessible. Furthermore, County email
addresses are offline too, resulting in a massive disruption for brokers,
lawyers, and title companies, along with buyers and sellers.
According to Michael
Gulotta, founding partner of Gulotta & Gulotta, a Ronkokoma-based law firm,
“Real estate transactions are on hold[...]About 45 percent of our business is
real estate. This has impacted our staff, clients, and affiliates in a major
way.”
Computer experts, on the
other hand, are raising concerns that Palo Alto, the cybersecurity company providing
the front-line firewall of Suffolk’s defense against cyberattacks, is serving
as the main forensic auditor to investigate what happened when the county’s
system was hacked.
Palo Alto and RedLand
(another cybersecurity company) are both responsible to safeguard Suffolk’s
computer system since 2019. Besides, both companies were awarded new contracts in
order to manage the county’s response to the attacks, analyse the breach and help
resolve the issue.
Suffolk is yet to announce
how exactly the threat actors breached its systems. However, the company has
not blamed RedLand or Palo Alto for the attacks.
Since the county is still
repairing damages from the attack, the police department, the Department of
Health Services, and the Traffic and Parking Violations Agency have all taken a
hit.
For a long time, the Secret Service agent had been trying to find the scammers trafficking millions of stolen dollars via banks throughout the New York tri-state area. The quest, which started in May 2020, was taking an eternity and the agent was getting impatient.
In his spare time, sitting in his office in New York, the agent began routinely digging into a government database called Internet Crime Complaints Center. The IC3 is open to all domestic law enforcement agencies and covers over two dozen types of crimes. this includes credit card scams, identity thefts, and ransomware attacks. Bloomberg reports:
"Reports about this alarming scheme exploded during the pandemic when home prices, bidding wars, and cash deals all rose. As transaction volume swelled, so did profits for real estate companies, lenders, and banks, and hackers smelled a growing opportunity. By targeting escrow wires, scammers are able to single out a particularly easy jackpot, a transaction involving multiple parties without proper internet security, and the rare instance in which a giant sum of cash is sent in a single wire."
In 2021, it got around 2300 complaints per day, about one every 37 seconds. The agent was in search of business email compromises (BECs), a scam where actors hack into corporate accounts to send fake wire requests, like invoices or contract payments.
BEC scams indiscriminately attack all kinds of industries, but in recent years they've found a new victim: the desperate homebuyer.
Bachelors and couples, eager to finalize their dream home and overwhelmed with emails and paperwork, think they are transferring their down payment to a lawyer or a title company handling the closing process.
However, by not paying attention to minute details in an email, like extra characters or spelling errors, hinting it's a fake- they accidentally wire tens, hundreds, or even thousands of dollars to cybercriminals.
In an instant, they lose their entire nest egg, along with the house they think they were about to shift into, with low odds of ever getting the money back. There are numerous ways to find the person behind a BEC scam: bank accounts where the money is wired, phone numbers, and email or internet addresses, to name a few.
The agent did a deeper database search to find over 9$ million worth of stolen funds impacting 50-plus targets throughout various sectors, including real estate losses estimated at more than $2 million.
As per experts, BEC scammers usually follow a shotgun approach. They put together contact info for random players involved in any real estate transaction-brokers, lawyers, mortgage lenders, title agencies- then send bulk phishing emails to this database, waiting for someone to walk into the trap.
The scammed victims accidentally send out their login info to the attacker, giving them access to their email and confidential company info. The hackers also tap conversations and therefore are able to learn every little detail of a deal.
The hackers jump into action during the down payment process, sending a fraudulent email to the buyer on behalf of real estate. As the result, the clueless buyer sends their entire savings to a criminal.
According to Bloomberg:
"As for homebuyers, they’re still largely on their own. For the most part, the companies involved in real estate transactions are well-insulated from legal recourse. Real estate firms usually have a boilerplate warning about fraud in their emails but don’t mention it otherwise. Some even skirt their own rules by sending confidential information over unsecured accounts during negotiations and closings."