Realtors' network taken down by cyberattack.

A cyberattack against data hosting provider Rapattoni Corporation has taken down numerous Multiple Listing Services (MLS) used by realtors around the country. Peg King, a Coldwell Banker agent in Petaluma, told the North Bay Business Journal, “It's paralyzed the real estate industry. We can't add listings. We can't make price changes. We have no idea how to show properties unless we try to figure out who has something listed.”

The Real Deal reports that the incident was a ransomware attack, and the FBI is investigating.

The supply chain attack surface.

Carol Volk, EVP, BullWall, cites the incident as evidence of the size of the attack surface. "This is a perfect example of how wide the ransomware attack surface has become. This mirrors the increase in attacks we’re seeing on public infrastructure. There’s just no aspect of our lives not impacted by digital transformation which has the unfortunate side effect of making it all vulnerable," she wrote. “Every one of us is a provider of services to others in our social supply chain and we are responsible to those we serve, both locally and across the “chain,” to maintain the highest level of cyber security to both protect our data and our ability to provide service. It has been shown time and again that the follow-on damages of a cyber attack can be much greater than just the loss of data with regards to the direct and imputed costs."

Ransomware in the supply chain.

Emily Phelps, Director at Cyware, observed that, “When an organization serves 100,000+ members, a ransomware attack has far-reaching consequences, for the organization, its members, and their clients. Nothing happens in a vacuum so we must break down the silos that negatively impact cybersecurity. She added some advice on preparing for this kind of attack. “Organizations can shore up their defenses by leveraging automation tools that enable collaboration and threat intel integration so that lean security teams can more efficiently address threats. They should conduct regular security awareness training so employees are armed to recognize and avoid common threat tactics such as phishing attacks; mandate security controls like strong passwords or passphrases and multi-factor authentication; regularly patch and update systems and software; and they should consider third party security partnerships that can act as an extension of their teams, gaining expertise that is more difficult to resource and retain internally.”