Cyber & IT Supervisory Forum - November 2023

c.) Mechanisms to detect the presence of any suspicious fi le extensions . d.) Mechanisms to detect any large amounts of fi les being renamed . e.) Mechanisms to alert IT personnel of any changes in privileged access rights , or unusual administra Ɵ ve ac Ɵ vi Ɵ es . f.) A data loss preven Ɵ on (DLP) program that provides real ‐Ɵ me alerts related to a monitored endpoint AND prevents large amounts of data from being ex fi ltrated by any method or protocol without the use of mul Ɵ factor authen Ɵ ca Ɵ on. INJECT 2 : Monday, 2:45pm, June 6: A loan servicing specialist at the company receives an encrypted email from a borrower claiming to have issues making a payment on their mortgage. The email doesn’t clearly reference a speci fi c customer account, but the loan servicing specialist believes it is legi Ɵ mate and opens the email, which prompts them to enter their O ffi ce365 creden Ɵ als to access the encrypted email. Within a short Ɵ me, ransom screens appear on some company computers throughout the organiza Ɵ on. Many departments all around the company’s home o ffi ce loca Ɵ on are repor Ɵ ng that they cannot access the company’s network. Sta ff in the regional servicing facili Ɵ es report similar issues using shared applica Ɵ ons, as well as issues with connec Ɵ vity to the home o ffi ce. The systems needed to perform cri Ɵ cal daily func Ɵ ons are nonfunc Ɵ oning or are now performing erra Ɵ cally. These include:  Core Servicing Pla ƞ orm: ‐ Overview: The primary system used for loan onboarding, payment processing, escrow management, loss mi Ɵ ga Ɵ on processing and tracking, investor remi ƫ ng and repor Ɵ ng, and servicing for client por ƞ olios. ‐ Impact:  Loan Processing Disrup Ɵ on: The a Ʃ ack has led to a complete halt in loan onboarding and processing for client por ƞ olios.

 Payment Processing Stands Ɵ ll: Escrow management and mortgage payment processing capabili Ɵ es have been severely compromised.  Loss Mi Ɵ ga Ɵ on Processing and Tracking: The company’s ability to process and track progress in ful fi lling loss mi Ɵ ga Ɵ on for delinquent and defaulted borrowers has been halted because the system of record is inaccessible.  Investor Repor Ɵ ng and Remi ƫ ng: The company’s ability to accurately account for investor funds has been compromised due to the system interrup Ɵ on.

 Customer Informa Ɵ on Database: ‐ Overview: Holds cri Ɵ cal borrower informa Ɵ on, including payment histories, contact details, and transac Ɵ on records.

13