Home / Daily Dose / Ellie Mae: Cyber Attackers Could Have Mortgage Industry Knowledge
Print This Post Print This Post

Ellie Mae: Cyber Attackers Could Have Mortgage Industry Knowledge

In an article reported by National Mortgage News, the recent technological attack on Ellie Mae could have been carried out by individuals with mortgage industry experience, the vendor says.

The attacks occurred over a two-day span from March 31 to April 1, overwhelming the company's servers with data requests that appeared to be legitimate communications. The cyber attack flooded Ellie Mae servers with requests to a URL that is used to download an XML file containing third-party technology vendors that integrate with the Encompass LOS via the Ellie Mae Network.

"It was a massive number of requests that came in and consumed the full capacity of one set of our servers around a specific URL," said Ellie Mae President and COO Jonathan Corr. "Where a classic denial-of-service attack would be a request that comes in that is not valid and would just create a lot of failed attempts, this was a valid request with a normal signature."

The attack was particularly suspicious, hinting at mortgage industry knowledge, for a few key reasons. First, the request appeared valid and was using a normal signature. Additionally, the cyber-attack occurred on the last day of the month and the last day of the quarter, a critical time for loan closings.

"That could be coincidence, I don't have evidence otherwise, but we find it very disturbing and we're trying to figure it out. It seems like that could be a possibility," Corr added.

The XML file being requested contains no sensitive data, and appeared like a request that would come from a client application used to access Encompass and the Ellie Mae Network—making it hard to initially identify the requests as a threat.

A press release issued by the company attempted to reassure users.

"Ellie Mae's technical operations teams are continuing their work to restore full functionality for Encompass users," the release said.

Sig Anderman, founder and CEO of Ellie Mae, commented, "We recognize the critical role our services play in enabling our clients to serve their customers and deeply regret the inconvenience and delays they are experiencing. The performance and security of our platform is our number one priority. We are doing everything within our power to restore full operations as soon as possible."

Ellie Mae has hired Stroz Friedberg, a cyber-security and digital forensics firm, to look into the attack as well as any possible data or security breaches.

The investigation of the attack is ongoing.

About Author: Colin Robins

Colin Robins is the online editor for DSNews.com. He holds a Bachelor of Arts from Texas A&M University and a Master of Arts from the University of Texas, Dallas. Additionally, he contributes to the MReport, DS News' sister site.

Check Also

FHFA Strategy Focuses on Post-Conservatorship Years

The Federal Housing Finance Agency (FHFA) has released an updated strategic plan that envisioned a ...

Your Daily Dose of DS News

Get the news you need, when you need it. Subscribe to the Daily Dose of DS News to receive each day’s most important default servicing news and market information, absolutely free of charge.