Recent Ransomware Threats Prompts Mortgage Company to Contract with High Bit Security for Penetration Testing

Rochester MI (PRWEB) April 17, 2013

Mortgage companies store significant Personally Identifiable Information (PII). In the last few months, many small and medium size brokers have become prime targets for hackers.

Anyone who has ever applied for a mortgage knows that you are required to document your entire financial life, said High Bit Security CBDO Barbara Goushaw. Mortgage company records are a goldmine for an identity thief, and whether this information is stored locally or the mortgage company uses third party software customer information exists unencrypted at various points as it traverses the network. Information is transferred using unencrypted e-mails and its also copied, faxed, and scanned on all-in-one printers that retain the information. Yet, most of us would never ask about security policies when selecting a mortgage company – its a prescription for ruined lives.

High Bit Security performed a penetration test for a national mortgage company who was concerned about their security due to a recent ransomware attack against another mortgage broker. The hacker took control of that system, locked the company out, and threatened to publish applicants sensitive information unless a ransom of $ 200,000 was paid within 24 hours. The national mortgage company engaged High Bit security to test and determine their vulnerabilities, and to ascertain if they could be subjected to the same kind of attack. Testing identified multiple exploitable vulnerabilities, underscoring the need for a preemptive approach to security and illustrating why penetration testing is widely acknowledged as the best way to protect and preserve valuable information.

Our security engineers documented vulnerabilities that could allow a full breach of the server and the operating system, said High Bit COO, Adam Goslin. There was also a server misconfiguration that inappropriately exposed an internal only database to the Internet, in addition to remote access vulnerabilities. We discovered that this company was at risk, and it was fortunate they engaged us before the hackers discovered it too. In cases like this its only a matter of time.

High Bit Security reported what was found, where it was found, what it meant, relative severity within the environment, and specific details on how to fix it. Upon receipt of the testing results report, the mortgage company IT staff began at once to remediate the vulnerabilities. Most of the fixes were relatively simple to accomplish, said Goslin. The trick is to know what needs to be fixed. Thats why an experienced security engineer heads up all of our engagements. They know where to look. The key is to engage us before the hackers find you, because they also know where to look. In this case the company was proactive and brought us in before they became a target.

This entry was posted in Review and tagged , , , , , , , , , , . Bookmark the permalink.

Leave a Reply