Research shows that cyber criminals are actively targeted the housing sector, probably because it’s undergone significant digital transformation. As expected, this transition has coincided with a 20 per cent rise in cyber attacks against the sector as of October 2023, highlighting the growing threat posed to the sector by offensive cyber operations.
Housing organisations are highly desirable targets for cyber criminals because of their large volumes of sensitive customer data, including legal, financial and personally identifiable information (PII). Since January 2024 (reported incidents only, obviously), worldwide housing-sector cyber targeting breaks down into four types:
- 31 ransomware attacks (38 per cent);
- 29 data breaches (35 per cent);
- 12 DDoS attacks (15 per cent);
- 10 defacement efforts (12 per cent).
Multiple attack vectors
Of the wide array of attack vectors available to cyber criminals, ransomware attacks and the accompanying data breaches have emerged as the most prominent. We think this is likely to be because of the potential for the sought-after sensitive data to be leveraged for financial extortion. Criminals also perceive a lack of cyber-security awareness in the workforce.
We’ve also detected consistent trends that would also explain the surge in ransomware attacks against the housing sector. Ransomware operators are continuously developing their capabilities to remain relevant and to increase their yields of illicit revenue. This has included pivoting to more aggressive extortion methods, as well as crafting more malicious payloads to cover more operating systems (incl. Linux) compared with the typical Windows-based attacks of the past.
Phishing campaigns remain popular because this attack method, which involves the delivery of emails embedded with malicious links, is inexpensive, convenient to deploy and easily spreadable.
Watering-hole attacks
In addition, we’ve discovered a recent trend of housing providers being targeted with ‘watering-hole’ attacks. This is when threat actors apply social-engineering techniques against victims by tracking their online movements, thereby generating behavioural patterns of the most frequently-visited websites. The threat actors subsequently target these sites via known exploits or zero-day flaws and wait for the targets to visit the now-compromised website of their own accord, thus leading to a potential third-party compromise.
Finally, given that a significant portion of housing providers depend on third parties to supply services such as IT management, the threat of supply-chain attacks is worth mentioning. As organisations continue to strengthen their cyber resilience, threat actors have increasingly launched their attacks further along the supply chain, attempting to infiltrate third-party suppliers as an indirect mode of access into their primary targets.
Impact of a cyber attack
Housing providers are likely to suffer a variety of consequences following a successful cyber attack, including intruders accessing organisational data, loss of service, financial loss and reputational damage. Fortunately, there is much that can be done to prevent the worst from happening.
Defence against these threats
It is critical for housing providers to understand how to defend themselves against cyber criminals; here are three key actions they can take:
Reduce the threat by detecting it in the early stages through the use of an effective and monitored end-point detection and response (EDR) solution. An effective EDR tool will block ransomware attempts once detected. Organisations can also perform routine back-ups of any sensitive data that’s required for business operations and keep a copy offline in case back-ups are impacted by the attack.
To defend against phishing attempts, it’s vital for a number of protocols to be followed including enabling multi-factor authentication (MFA), enforcing strong password policies and training employees in how to detect malicious emails.
Finally, to defend against the growing threat of supply-chain compromise, it’s critical that housing providers ensure that their software is up-to-date and that security patches are applied as soon as they become available to prevent malicious cyber actors from gaining access to their network.
Craig Watt is a threat intelligence consultant at Quorum Cyber.
