Stay Ahead of Threat Vectors Arising from the SVB Collapse

In recent news, Silicon Valley Bank (SVB) failed and was shut down by regulators, which caused quite a stir in the tech and finance communities. In the wake of this event, cybercriminals are likely to use the news as a lure to take advantage of organizations and individuals.

In this post, we will explore how cybercriminals may use the SVB collapse to launch attacks and what organizations can do to protect themselves.

How cybercriminals will use the SVB collapse to launch attacks

1. Website scams

Dr. Johannes Ullrich, Dean of Research for SANS Technology Institute, reported that threat actors are taking advantage of the opportunity, registering suspicious domains related to SVB, which are likely to be used in attacks.

Some of the examples given in a report published on the SANS ISC website include:

  • login-svb[.]com
  • svbbailout[.]com
  • svbcertificates[.]com
  • svbclaim[.]com
  • svbcollapse[.]com
  • svbdeposits[.]com
  • svbhelp[.]com
  • svblawsuit[.]com

These suspicious websites can be set up as fronts that persuade potential victims to hand over personal information or account credentials in exchange for "information" about their deposits. Some of these websites are also running a scam promoting a bogus USDC reward program: clicking the “Claim now” button displays a QR code, and scanning it leads to a page designed to compromise the victim's cryptocurrency wallet.

2. Phishing attacks

These domains can also be used to send phishing emails that impersonate the bank and ask victims to click a link, download a file, or provide sensitive personal information and account details. With sender spoofing and generative tools that craft messages in perfect grammar, spelling mistakes are no longer a reliable way to spot a phishing email. As a security expert, consider giving your organization a refresher on the other telltale signs of a phishing attack, such as:

  1. Urging victims to take immediate action
  2. Generic greeting
  3. Fear-inducing subject headers
  4. Requests to “enable macros” or “enable content” in an attached document
  5. Suspicious attachments in email
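The domain list in the website-scam section and the phishing warning above both come down to the same triage question: does the sender domain, or any link in the message, point at an SVB-themed domain that is not the bank's own? The following Python is an added example written for this post, not code from the SANS ISC report or from any vendor tool. It assumes that svb.com is the bank's only legitimate domain, uses a naive "last two labels" notion of registrable domain (no public-suffix list), and runs over a constructed sample message rather than a real phishing email. It goes beyond the reported list on purpose: any label containing "svb" outside svb.com is flagged, which also catches newly registered domains and subdomain tricks such as svb.com.evil.net.

```python
import re
from urllib.parse import urlsplit

# Domains that SANS ISC reported as registered after the collapse (the list above).
REPORTED_DOMAINS = {
    "login-svb.com", "svbbailout.com", "svbcertificates.com", "svbclaim.com",
    "svbcollapse.com", "svbdeposits.com", "svbhelp.com", "svblawsuit.com",
}

# Assumption for this example: only svb.com is treated as the bank's own domain.
LEGITIMATE_DOMAINS = {"svb.com"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
ADDR_RE = re.compile(r"@([A-Za-z0-9.-]+)")


def registrable_domain(host):
    """Naive registrable domain: the last two labels (no public-suffix list)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def classify_domain(host):
    """Return 'legitimate', 'reported', 'lookalike' or 'unknown' for a hostname.

    Any label containing 'svb' that does not belong to the legitimate domain is
    treated as a lookalike, which also catches subdomain tricks such as
    svb.com.evil.net and brand-new registrations not on the reported list.
    """
    host = host.lower().strip(".")
    base = registrable_domain(host)
    if base in LEGITIMATE_DOMAINS:
        return "legitimate"
    if base in REPORTED_DOMAINS:
        return "reported"
    if any("svb" in label for label in host.split(".")):
        return "lookalike"
    return "unknown"


def scan_email(sender, body):
    """Check the sender domain and every URL in the body.

    Returns (is_suspicious, findings); each finding records where the host was
    seen ('sender' or 'url'), the host itself and its verdict. Only 'reported'
    and 'lookalike' verdicts become findings.
    """
    findings = []
    match = ADDR_RE.search(sender)
    if match:
        host = match.group(1).lower()
        verdict = classify_domain(host)
        if verdict in ("reported", "lookalike"):
            findings.append({"where": "sender", "value": host, "verdict": verdict})
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname
        if not host:
            continue
        verdict = classify_domain(host)
        if verdict in ("reported", "lookalike"):
            findings.append({"where": "url", "value": host, "verdict": verdict})
    return bool(findings), findings


# Constructed sample message (not a real phishing email) that mimics the lure.
SAMPLE_SENDER = "SVB Client Services <alerts@login-svb.com>"
SAMPLE_BODY = """Dear customer,
Following the FDIC takeover you must re-verify your account within 24 hours
or your deposits will be frozen: https://svbclaim.com/verify?id=1842
Recovery portal: https://svb-deposits-recovery.net/claim
Official guidance: https://www.fdic.gov/
Online banking: https://secure.svb.com/login
"""

if __name__ == "__main__":
    suspicious, hits = scan_email(SAMPLE_SENDER, SAMPLE_BODY)
    print("suspicious:", suspicious)
    for hit in hits:
        print(f"  {hit['where']:6} {hit['value']:28} {hit['verdict']}")
```

On the sample message the sender domain and two of the four links are flagged (two from the reported list, one new lookalike), while the FDIC and secure.svb.com links pass. A production version would replace the two-label heuristic with a public-suffix list and feed the verdicts into the mail gateway or SIEM rather than printing them.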

3. Social engineering tactics

We should also expect a rise in social engineering attempts. As SVB account holders move their finances and operations to other banks, they will notify their customers of new account details. In today's supply chain landscape, where companies work with a large number of suppliers, finance departments will be bombarded with bank account change requests.

Managing this increased volume of requests makes it more likely that a malicious bank change request is approved by mistake. Combined with internal information that threat actors may already have obtained through an earlier phishing compromise (supplier names, invoice numbers, who approves payments), fraudulent requests will be harder to distinguish from legitimate ones.
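The failure mode described above is a legitimate-looking change request slipping through under volume. The control that survives volume is mechanical: every bank-detail change is held until someone calls the vendor back on the phone number collected at onboarding, and the request is scored against the vendor record so the riskiest ones get attention first. The Python below is an added example for this post, not code from any finance system or vendor; the vendor record, the two requests and the pressure-language list are all constructed, and the lookalike check (compare the first label with non-letters stripped, so acme-parts.com matches acmeparts.com) is a deliberately simple heuristic.

```python
import re
from dataclasses import dataclass


@dataclass
class VendorRecord:
    name: str
    email_domain: str      # domain the vendor has used throughout the relationship
    account_number: str    # bank account currently on file
    callback_phone: str    # collected at onboarding, never taken from the request itself


@dataclass
class ChangeRequest:
    vendor_name: str
    from_addr: str
    reply_to: str          # empty string when the header is absent
    new_account_number: str
    body: str


# Constructed list of phrases typical of pressure in payment fraud.
PRESSURE_RE = re.compile(r"\b(urgent|immediately|today|within 24 hours|asap)\b", re.IGNORECASE)


def email_domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    m = re.search(r"@([A-Za-z0-9.-]+)", addr)
    return m.group(1).lower() if m else ""


def normalized_brand(domain):
    """Leftmost label with everything but letters removed, so that
    acme-parts.com and acmeparts.com compare equal."""
    return re.sub(r"[^a-z]", "", domain.split(".")[0])


def triage(request, vendor):
    """Score a bank-detail change request against the vendor record.

    Every request is held for a callback to the number on file; the findings
    only decide how loudly to raise the alarm, never whether to skip the call.
    """
    findings = []
    from_dom = email_domain(request.from_addr)
    reply_dom = email_domain(request.reply_to) or from_dom

    if from_dom != vendor.email_domain:
        findings.append(f"sender domain {from_dom!r} differs from domain on file {vendor.email_domain!r}")
        if normalized_brand(from_dom) == normalized_brand(vendor.email_domain):
            findings.append(f"{from_dom!r} is a lookalike of {vendor.email_domain!r}")
    if reply_dom != from_dom:
        findings.append(f"reply-to domain {reply_dom!r} differs from sender domain {from_dom!r}")
    if request.new_account_number == vendor.account_number:
        findings.append("requested account already matches the account on file")
    if PRESSURE_RE.search(request.body):
        findings.append("request uses pressure language")

    return {
        "decision": "hold_pending_callback",
        "callback_phone": vendor.callback_phone,
        "risk": "high" if findings else "normal",
        "findings": findings,
    }


# Constructed sample data (hypothetical vendor and messages).
VENDOR = VendorRecord("Acme Parts", "acmeparts.com", "123456789", "+1-555-0100")
FRAUDULENT = ChangeRequest(
    "Acme Parts", "Accounts Payable <ap@acme-parts.com>", "", "987654321",
    "Because of the SVB situation we have moved banks. Please update our details immediately.")
LEGITIMATE = ChangeRequest(
    "Acme Parts", "ap@acmeparts.com", "", "555000111",
    "We have moved our account away from SVB; updated remittance details attached.")

if __name__ == "__main__":
    for label, req in (("fraudulent", FRAUDULENT), ("legitimate", LEGITIMATE)):
        result = triage(req, VENDOR)
        print(f"{label}: {result['decision']} (risk {result['risk']}), call {result['callback_phone']}")
        for finding in result["findings"]:
            print("   -", finding)
```

The point of returning "hold_pending_callback" for both requests is that the legitimate one, which raises no findings, still cannot be approved from the email alone: the callback to the number on file is what turns a plausible message into a verified change.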

4. Ransomware attacks

Ransomware attacks involve encrypting an organization’s data and demanding payment in exchange for the decryption key. Cybercriminals may use the SVB collapse as a lure for the phishing emails and malicious attachments that deliver ransomware, targeting financial institutions and other organizations in the financial sector. These attacks can cause significant disruption and financial losses.

How organizations can protect themselves against attacks related to the SVB collapse 

1. Educate employees

As the cybersecurity expert in your organization, you can help educate or refresh your coworkers on best practices such as:

  1. Treat any email from an unfamiliar domain with suspicion, and verify every request from a supplier claiming to be an SVB customer to change payment account details by calling a phone number already on file, never a number supplied in the request itself.
  2. Get information only from official sources, in this case the U.S. government and the FDIC.
  3. Avoid downloading files from unknown websites.

2. Monitor for suspicious activity 

On your end, it’s probably business as usual, but with extra care towards:

  • Any file exfiltration or other suspicious activity from accounts that may have been compromised (a user and entity behavior analytics solution can help you identify hard-to-find user anomalies)
  • Monitoring your network for malicious activity and stopping it before it can cause harm
  • Ensuring that endpoints are well secured and protected

To reduce risk, you should implement security protocols such as two-factor authentication and limit access to sensitive information to only those who need it. You can also conduct regular security assessments to identify vulnerabilities and potential attack vectors.

3. Implement technical defenses

Organizations need to prioritize implementing technical defenses such as firewalls, intrusion detection systems, endpoint security solutions, and security information and event management (SIEM).

As a Zero Trust best practice, you should segment your network to prevent lateral movement by attackers. A network detection and response (NDR) platform can help you detect advanced network attacks. Also, regular backups and disaster recovery planning will ensure a quicker recovery from an attack.

Reduce risk and spread security awareness

Cybercriminals are exploiting the confusion around the SVB collapse to launch attacks against organizations and individuals in the financial sector. You can protect your business by educating employees, monitoring for suspicious activity, and implementing technical defenses. By prioritizing cybersecurity and staying vigilant, organizations can better protect themselves and their customers from the damage done by bad actors taking advantage of an already difficult situation.

To learn best practices for spreading security awareness across your organization, download our Security First Guidebook.