Fidelity National Financial Falls Victim to BlackCat Ransomware Attack

Fidelity National Financial (FNF), a Fortune 500 insurance company, recently confirmed that it has become the victim of a cybersecurity incident. The confirmation came through an 8-K filing with the Securities and Exchange Commission (SEC) on Tuesday, stating that the company was forced to shut down several systems, affecting various areas of its business.

FNF is one of the largest underwriters of title insurance and providers of transaction services to the real estate and mortgage industries in the US, with more than $11 billion in total revenue recorded in 2022. The impact of the shutdown has affected services related to title insurance, escrow, mortgage transaction services, and technology provided to the real estate and mortgage industries.

The company has yet to disclose the material impact of the incident on trade, but it did confirm that an intruder accessed certain FNF systems and acquired specific credentials. FNF is working diligently to assess the incident's impact and restore normal operations as quickly and safely as possible.

Ransomware group ALPHV/BlackCat claimed responsibility for the attack but provided limited information about what they accessed. BlackCat stated that it would give FNF additional time to respond before disclosing more information about the attack.

The incident has already impacted several companies and home buyers in the US who are unable to close purchases. Security experts have speculated that the entry point into FNF's systems was potentially caused by exploits of a critical vulnerability affecting Citrix Netscaler devices, known as "CitrixBleed."

Research suggests that FNF applied the patch for this vulnerability two weeks after it was made available on October 10. This vulnerability, tracked as CVE-2023-4966, has been extensively exploited by ransomware groups, resulting in many serious attacks.

As of November 13, more than a month since the patch was made available, upwards of 5,000 organizations were still exposed to the vulnerability, making it a severe threat for potential exploitation.

For more details, you can read the original article on The Register here.

Know more. Investigate better.