Cyber & IT Supervisory Forum - November 2023

Ransomware Scenario (Exercise Facilitator’s Key) Ins Ɵ tu Ɵ on Background:

Acme Mortgage Subservicer is a major player in the mortgage industry specializing in sub ‐ servicing opera Ɵ ons for some of the largest mortgage companies in the country. Headquartered in Dallas, Texas, the company has a workforce of 950 employees, primarily comprised of loan servicing specialists, compliance o ffi cers, IT professionals, customer service representa Ɵ ves, and administra Ɵ ve sta ff .

Opera Ɵ ons Conducted by Acme Mortgage Subservicer:

 Loan Onboarding: The process of onboarding loans for various clients.  Payment Processing: Handling and processing mortgage payments, including escrow management and disbursements.  Customer Service: Addressing borrower ques Ɵ ons, concerns, and providing support.  Loss Mi Ɵ ga Ɵ on and Investor Repor Ɵ ng: performing loss mi Ɵ ga Ɵ on on delinquent and defaulted loans, remi ƫ ng funds to investors, performing all necessary investor repor Ɵ ng.  Data Security: Safeguarding sensi Ɵ ve borrower informa Ɵ on and transac Ɵ on records. Acme Mortgage Subservicer's Client Base:  Mortgage Companies: The sub ‐ servicer works with some of the largest mortgage companies na Ɵ onwide, manages a substan Ɵ al por Ɵ on of their por ƞ olios, and is responsible for customer ‐ facing administra Ɵ on of loans.  Borrowers: The consumers who have mortgages with the client companies and rely on Acme for various services in connec Ɵ on with their mortgage. INJECT 1 : Monday, 10:00 am, June 6: Law enforcement, CISA, and the Financial Services Informa Ɵ on Sharing and Analysis Center (FS ‐ ISAC) are ac Ɵ vely tracking a spike in reports from fi nancial ins Ɵ tu Ɵ ons indica Ɵ ng increased malicious cyber ac Ɵ vity, including one par Ɵ cularly ac Ɵ ve ransomware strain that appears to be targe Ɵ ng the fi nancial sector (i.e., banks, credit unions, mortgage companies and other NDI en ƟƟ es). No Ɵ fi ca Ɵ ons of this anomalous ac Ɵ vity have been disseminated by various credible public and government sources to all members of the fi nancial sector this morning as reports of fi nancial sector vic Ɵ ms con Ɵ nue to emerge, including some opera Ɵ ng within Acme’s home o ffi ce footprint.


1.) What tools might the organiza Ɵ on employ to receive threat informa Ɵ on? Having general threat awareness and knowing that something is out there that might put YOUR organiza Ɵ on at risk is an absolute must. Organiza Ɵ ons cannot exist in a vacuum when it comes to cyber awareness. Cyber awareness can be generated from


Made with FlippingBook Digital Publishing Software