Huge increase in cyber attacks targeting the real estate sector | spcilvly

Cyberattacks are becoming increasingly sophisticated as threat actors continually evolve their tools and tactics.

They leverage advanced technologies, use social engineering techniques, and collaborate in sophisticated cybercrime networks.

The real estate and utilities industries have seen a notable increase in intrusions over the past three months, according to the recent study report shared with CYFIRMA’s Cyber ​​Security News (CSN) team.


Free Trial

Implementing “Trustifi” AI-powered email security solutions can protect your business from today’s most dangerous email threats such as tracking, blocking, modification, phishing, account takeover, business email compromise, malware and ransomware.

The last 90 days in numbers

Real estate and utilities appeared in 13 of the 59 campaigns observed, representing 22% of the total, lower than the industries most attractive to nation-state threat actors.

In addition to this, Chinese cyber activity also increased with the use of the Barracuda ESG vulnerability. However, since then no new victims of real estate or public services have been observed in these campaigns.

attack count
Attack count (Source – Cyfirma)

Below we mention all the threat actors involved:-

Threat actors
Threat actors (Source – Cyfirma)

Real estate and public services attract both financially motivated actors and state actors. Europe, potentially a target of Russian-linked threats amid the Ukraine conflict, is experiencing the most attack activity.

Geographical distribution
Geographic distribution (Source – Cyfirma)

Cyberattacks primarily target web applications and operating systems across all sectors, with cases of VPNs and application infrastructure being compromised.

Most attacked technologies
Most attacked technologies (Source – Cyfirma)

Phishing attacks

This report excludes Internet service providers from the analysis and focuses on water and energy utilities. Phishing lures targeting utility companies are highly localized, deterring threat actors looking for broader targets.

CYFIRMA telemetry detected only 42 phishing attacks targeting utilities and none related to real estate in the past 3 months, with a primary focus on broader phishing campaigns.

Global distribution of phishing topics by sector
Global distribution of phishing topics by sector (Source – Cyfirma)

Impersonated brands

Below we mention all the brands of the real estate and public services industry that are impersonated:-

  • Pkn Orlen
  • Swiss Energy Office
  • ENEL Energy SPA
  • Polska Grupa Energetyczna

ASN telemetry revealed PKN Orlen phishing linked to the US, while the Swiss Energy Office had Swiss roots, and Italy’s Enel Energia and Polska Grupa Energetyczna traced back to the German ASN, indicating an international campaign of PKN Orlen against local cybercriminals.

Origins of the attack
Origins of the attack (Source – Cyfirma)

CYFIRMA found 117 ransomware victims in the real estate and utilities sector in the last 90 days, 7.4% of 1,579 incidents, with a sharp increase in August.

Lockbit3’s August surge leads, driven by Cl0p (+Torrents), while 8base with ALPHV and Akira maintain stable numbers. The five main gangs account for 59% of the victims, but smaller groups continue to cause significant damage.

Top ransomware gangs
Main ransomware gangs (Source – Cyfirma)

Of 45 active gangs, 29 targeted real estate and utilities, and Cl0p showed minimal interest in this sector.

Target victims

The United States leads with 65 of 112 victims, highlighting global ransomware threats that know no borders, as cyber attackers target vulnerable organizations around the world.

Geographic distribution of victims
Geographic distribution of victims (Source – Cyfirma)

Nation-state APTs show limited interest in real estate and utilities, focusing primarily on energy, especially in Europe amid the conflict between Ukraine and Russia.

Real estate and utilities lack appeal for widespread phishing due to localized fragmentation. Lockbit3 is the main gang, while Cl0p has fewer victims in this industry. However, in addition to this, the most affected sectors are real estate developers and construction companies.

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the Free Trial to guarantee 100% security.

Leave a Reply

Your email address will not be published. Required fields are marked *