SitusAMC, a real estate finance platform, announced it experienced a cyberattack. On Nov. 22, the organization released a statement regarding the incident, revealing that "certain information" was compromised from their systems as a result. 

The statement read, "Corporate data associated with certain of our clients’ relationship with SitusAMC such as accounting records and legal agreements has been impacted. Certain data relating to some of our clients’ customers may also have been impacted. The scope, nature and extent of such impact remains under investigation by the Company and its third-party advisors." 

This incident occurred on Nov. 12. Upon discovery of the attack, the organization states that it began its investigation and cooperation with law enforcement officials. 

Below, security leaders discuss the implications of this cyberattack. 

Security Leaders Weigh In

Piyush Pandey, CEO at Pathlock:

This breach underscores the need for organizations to adopt an “assume breach” mindset — not only in theory but in practice, especially for those providing services to financial institutions and other critical infrastructure organizations. That means investing not just in preventive measures, but also in controls that enable rapid detection, containment, and remediation of attacks. This approach helps limit the scale of a breach and supports faster recovery.

Dave Tyson, Chief Intelligence Officer at iCOUNTER:

Third parties have always been a desirable target for cybercriminals, although as a vector in enabling targeted attacks they were rarer because they required deep knowledge of internal systems, executive profiles, business system connections, and IT infrastructure to be highly effective. Now, AI is making this level of targeting available to a much broader class of threat actors who can profile, conduct reconnaissance, and launch a sophisticated, cost-effective targeted attack with precision and speed.

What was once limited by manual capacity and expertise is now able to be delivered as a commodity ranked by likelihood of successful compromise, maintaining anonymity, and value of the breach.

This new capability available at scale to cyber criminals requires defenders to rethink their approach to protecting their attack surface, and to consider their entire connected ecosystem of third parties and supply chain in their monitoring or active compromises. Being able to alert when key third parties are at risk or actively compromised creates the time to counter the threat within your environment; this requires knowledge of what data is held by the third party, the extent to which you are reliant on that third party for critical business operations, and the nature of the connection between the organizations and the extent the compromise of the third party could lead to a compromise of your environment.

Lost data lasts forever, it can give visibility beyond the account information of a customer, provide understanding into how an organization classifies information, normal nomenclature, and operational norms, that can be used later in a separate type of attack; organizations are often limited by how fast they can change technology, infrastructure, and operating structures making some data highly value as a roadmap to illuminate internal process. Individual data can be combined with information from other sources to provide a treasure trove of ill-gotten intelligence for cyber criminals to utilize over years to come.

Agnidipta Sarkar, Chief Evangelist at ColorTokens:

There has been a substantial rise in reliance on third-party service apps and vendors across Wall Street firms in recent years, with many banks offloading core processes, such as mortgage servicing, analytics, compliance, and even payment processing, to specialized technology providers. SitusAMC provides loan servicing, asset management, compliance, and valuation services to many large financial institutions. 

The breach should be of significant concern to firms on Wall Street because of interconnectedness of data flows. Typically, accounting records and legal agreements contain system architecture diagrams, data-sharing clauses, SLAs, or references to internal tools which could be goldmines for attackers planning follow-on intrusions. If credentials are stolen, then there is potential of lateral movement at each of the firms who use the app, unless they have adequately designed microsegmentation or if they use cryptographic password less credentials tied to associated hardware. Though currently unknown there could also be an impact on investors if their credentials are lost. The other fallout could be regulatory scrutiny, depending on how the details of the breach evolve in the next few days.

The first thing that potentially affected enterprises should do is to reset access credentials immediately, where practically possible, especially with third-party suppliers. Then they should review the fallout of this breach to determine if they need to enhance, or adopt, a breach ready approach using microsegmentation and just-in-time cryptographic authentication, especially to isolate suppliers and customers from other critical systems.