Russian threat keeps mortgage cybersecurity experts on alert

Russia’s hostilities in Ukraine have already impacted the U.S. housing market and as the war goes on, the mortgage industry’s cybersecurity experts are bracing for tests of their defenses.

The uncertainty caused by the initial invasion rocked mortgage rates, as investors moved their capital out of riskier assets to Treasuries in a brief flight to quality. U.S. banks have braced for the ripple effects of severe economic sanctions on Russia. Federal officials have warned of Russian threat actors, state-sponsored or otherwise, seeking retaliation or new sources of income, which put cybersecurity experts on alert.

No mortgage data breach has yet been linked to Russian cybercriminals, but experts said they are well within the realm of possibility. Russian state actors targeting the U.S. are more likely to attempt infrastructure hacks or breaches on credit unions and other banks before hacking institutions like mortgage lenders, said JT Gaietto, chief security officer at cybersecurity firm Digital Silence. However, organized criminal elements could eye the trillion-dollar mortgage industry to replenish their funds.

“I don’t know if shutting someone’s mortgage operation down buys the Russian government a lot,” Gaietto said. “But from a monetization and defrauding perspective, it definitely buys the organized crime, oligarch section of the Russian populace some breathing room financially.”

Attacks stemming from the region on U.S. banks aren’t unprecedented. Two groups with reported ties to Russia claimed responsibility for ransomware strikes on three small banks last year. Data breaches have rattled lenders, servicers and title insurance companies in the past few months, but none were publicly tied to Russia. Connecting a cyberattack to Russian threat actors is difficult because cybercriminals could operate on networks outside of their home country, said Paul Guthrie, information security officer at Blend. However, methods and the type of malware used could provide clues.

The Russian currency hit historic lows in the wake of sanctions against Russia’s central bank, its sovereign wealth fund and private financial institutions. Widespread cyberattacks on American financial institutions haven’t yet come to pass, but Russia’s other cyber aggressions have been thwarted in recent weeks. Microsoft earlier this month blocked attacks on Ukrainian media by Russian hackers, according to CybersecurityDive, while Ukraine last week said it blocked a cyberattack on its energy grid.

“We haven’t seen any increased attacks, but we also didn’t expect to see them until the land war kind of ramps down a little bit,” Guthrie said. “We fully expect that to happen.”

Experts emphasized that the mortgage landscape isn’t any more exposed to cyberthreats than other industries but noted it remains a target because of its wealth of capital. The new risks come amid what’s already an epidemic of fraud in the mortgage industry, with incidents, risks and reports of suspicious activity all up within the past year.

“One of the biggest threats to mortgage companies and lenders is absolutely ransomware but not only from Russia, per se,” said Jordan Bingham, founder of cybersecurity firm LendSafe, part owner of a Utah brokerage and former mortgage loan originator.

Financial services are particularly impacted by ransomware, according to a Federal Bureau of Investigation report, while business email compromises remain pervasive. Experts also warned of new complex attacks such as double or triple extortions, in which threat actors obtain personally identifiable information, sell it on the black market and simultaneously hold it ransom.

Experts won’t disclose their firm’s cybersecurity playbooks, but suggested mortgage professionals continue to shore up their protections, which have room to improve. Russian threat actors could already be inside a mortgage firm’s digital infrastructure, said Rick Hill, vice president of industry technology at the Mortgage Bankers Association.

“The United States intelligence is saying, ‘It still could be coming,’ but it feels a little bit like the calm before the storm,” Bingham said.