Silicon Valley Bank (SVB) was shuttered early this month and had its deposits seized in the largest U.S. bank failure since the 2008 financial crisis. Once the 16th largest lender in the United States, SVB’s failure makes it the second largest ever such institutional collapse. The ramifications could be far-reaching. Already there are concerns that start-ups may not be able to pay employees in the days and weeks ahead.
Although it may seem like SVB’s collapse will only impact its direct customers and depositors, it is far more complicated than that. Vendors of the failed bank – whose holdings are now managed by the Federal Deposit Insurance Corporation (FDIC) – may also soon feel the impacts of the Santa Clara-based bank’s collapse and subsequent takeover by financial regulators. Like vultures to roadkill, cyber scammers often wait to exploit and target victims after tragedy strikes, or bad news arises. A perfect storm of stress, uncertainty, and urgency for customers and vendors alike during this time can impair someone’s judgement when they click links and open emails they otherwise would ignore or delete.
Below, Fortalice has outlined a few different ways cybercriminals social engineer their victims during times of extreme distress and insecurity. Now, more than ever, is a time to stand guard, stay aware, trust your gut, and remain one step ahead of the bad guys.
Since news of the collapse broke, cybersecurity firms have been monitoring the registrations of SVB-related domains and the vendors of SVB customers because cybercriminals could use these SVB-related domains to launch phishing attacks. Listed below are some suspicious domains that emerged after March 10, 2023:
Cybercriminals will undoubtedly target SVB victims through business email compromise (BEC). These fraudsters will most likely pose as a trusted person to scam a victim into wiring them money.
There are numerous reports that cybercriminals are targeting former SVB customers in the United States, France, and Spain by impersonating representatives of the now-shuttered bank in an attempt to trick victims into divulging their account information or login credentials.
In the wake of the collapse, nefarious phishing sites have proliferated online (e.g., svp-usdc.net, circle-reserves.com) with the false promise of a USD Coin (USDC) reward program. With this scam, the bad actors claim that SVB is actively distributing USDC to eligible clients as part of its own USDC payback program. The scammers are aiming to steal cryptocurrency from the victim's account by offering USDC. One such scam directs the victim to click on a QR code to receive the USDC using any cryptocurrency wallet. Unbeknownst to the victim, scanning the code will compromise the user's online wallet account.
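The domain-registration monitoring described above can be sketched as a small triage script. This is an added example, not Fortalice's tooling: the watchlists, scoring weights, and threshold are assumptions, and only the first two domains in the sample feed come from this page.

```python
import re

# Assumed watchlists: brand names taken from this page, lure words chosen for illustration.
BRANDS = ("svb", "siliconvalleybank", "circle", "usdc")
LURES = {"reserves", "payback", "claim", "refund", "login", "reward"}

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def token_score(tok):
    """Score one hyphen-separated token: 2 = brand, 1 = lookalike or lure, 0 = neutral."""
    if tok in BRANDS or any(len(b) >= 6 and b in tok for b in BRANDS):
        return 2, f"brand:{tok}"
    for b in BRANDS:
        if abs(len(tok) - len(b)) <= 1 and edit_distance(tok, b) == 1:
            return 1, f"lookalike:{tok}~{b}"
    if tok in LURES:
        return 1, f"lure:{tok}"
    return 0, ""

def score_domain(domain):
    """Sum token scores over every label except the last (the TLD)."""
    labels = domain.lower().rstrip(".").split(".")[:-1]
    tokens = [t for label in labels for t in re.split(r"[-_]", label) if t]
    scored = [token_score(t) for t in tokens]
    return sum(s for s, _ in scored), [r for s, r in scored if s]

def triage(feed, threshold=3):
    """Return (domain, score, reasons) for domains that need an analyst's review."""
    results = [(d, *score_domain(d)) for d in feed]
    return [r for r in results if r[1] >= threshold]

# First two names are quoted on this page; the rest are constructed benign samples.
FEED = ["svp-usdc.net", "circle-reserves.com", "svp-consulting.example",
        "circle-k.example", "weather-report.example"]

if __name__ == "__main__":
    for domain, score, reasons in triage(FEED):
        print(f"{score}  {domain}  {', '.join(reasons)}")
```

The threshold of 3 requires two independent signals, so a lone three-letter near-miss such as "svp" does not raise an alert by itself.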
Employees at companies that banked with SVB should also be aware of potential internal and external impersonation attacks, such as emails purporting to be from their Chief Financial Officer, Human Resources, or an accounting specialist informing them that they need to register an online account with the company's new bank. Other related scams may target employees in a company's finance department with instructions on updating details regarding the company's wiring information.
Bad actors will also leverage uncertain times like these to launch another method of attack via supply chain compromise. A cybercriminal may conduct open-source intelligence (OSINT) research on an SVB client to identify vendors. Once attackers have identified a vendor of an SVB client, they will try to leverage compromised accounts from vendors to launch attacks that are specifically designed to bypass your organization's traditional email security protocols.
Companies all around the world are trying to navigate and decrease cybersecurity risks associated with the SVB closure. Below are some recommendations to help reduce your vulnerability during this time:
It may be a stressful and challenging time to navigate transitioning financial institutions or understanding the situation facing Silicon Valley Bank and Signature Bank; however, Fortalice stands ready to support you:
For additional information on Fortalice Solutions service offerings, contact the team via email at firstname.lastname@example.org.
Increasingly, cyber actors are employing living-off-the-land (LOTL) attacks, which blend (and obscure) their nefarious activities with legitimate tools and infrastructure already found (and regularly used) in your environment to mask their presence while greatly minimizing their chances of detection and attribution. Typically, the introduction of a third-party application generates an alert to the host from an endpoint detection and response (EDR) product. Unfortunately, LOTL enables the actor to skirt detection more easily and effectively.
On June 1, Progress Software (Progress) announced it had identified a vulnerability in its MOVEit File Transfer Tool. The vulnerability allowed cybercriminals to exploit a critical SQL injection that could lead to escalated privileges and potential unauthorized access to the environment.