
Cybersecurity Circular: Threat Vectors Arising from #SVBCollapse

Silicon Valley Bank (SVB) recently failed and was shut down by regulators, which caused quite a stir within the tech and finance communities. As with any big news story, we’re bound to see a rise in threat actors capitalizing on this event to launch targeted attacks and scams. In this case, the urgency of making payroll and paying bills, along with the lack of immediate information, lets scammers launch simple and targeted scams.

In this blog, we’ll highlight some heightened cybersecurity risks that may be relevant to your work.

Rise of Suspicious Websites

Dr. Johannes Ullrich, Dean of Research for SANS Technology Institute, reported that threat actors are taking advantage of the opportunity, registering suspicious domains related to SVB, which are likely to be used in attacks.

Some of the examples given in a report published on the SANS ISC website include:

  • login-svb[.]com
  • svbbailout[.]com
  • svbcertificates[.]com
  • svbclaim[.]com
  • svbcollapse[.]com
  • svbdeposits[.]com
  • svbhelp[.]com
  • svblawsuit[.]com

These suspicious websites can be set up as a front that lures potential victims into giving out personal information or access data in exchange for information. Some of these websites are also running a scam promoting a bogus USDC reward program. A QR code will be displayed if the user clicks on the “Claim now” button, and scanning it will result in the compromise of their wallets.
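As an added illustration (not code from the SANS ISC report or from LogRhythm), the sketch below flags hostnames in mail gateway or proxy logs that embed the bank's brand token the way the domains listed above do. The official domain `svb.com`, the two-level scoring, and the log line format are assumptions, and the sample log lines are constructed.

```python
import re

# Assumption: the legitimate domain(s) your organisation expects for the bank.
OFFICIAL_DOMAINS = {"svb.com"}
BRAND_TOKEN = "svb"
# Lure words taken from the example domain names listed above.
LURE_WORDS = ("login", "bailout", "certificates", "claim",
              "collapse", "deposits", "help", "lawsuit")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)

def refang(indicator: str) -> str:
    """Turn a defanged indicator such as login-svb[.]com back into a hostname."""
    return indicator.replace("[.]", ".").strip().lower().rstrip(".")

def is_official(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def score_host(host: str) -> int:
    """0 = not brand related, 1 = brand token only, 2 = brand token plus lure word."""
    host = refang(host)
    if is_official(host):
        return 0
    labels = host.split(".")[:-1]  # every label except the TLD
    if not any(BRAND_TOKEN in label for label in labels):
        return 0
    return 2 if any(w in label for label in labels for w in LURE_WORDS) else 1

def scan(log_lines):
    """Return sorted (host, score) pairs for brand look-alike hosts in the log lines."""
    hits = {}
    for line in log_lines:
        for host in HOST_RE.findall(line):
            s = score_host(host)
            if s:
                hits[host.lower()] = s
    return sorted(hits.items())

# Constructed sample lines (mail gateway and proxy style), not real telemetry.
SAMPLE_LOG = [
    "2023-03-13T09:02:11Z mail from=<support@svbclaim-refund.example> to=<ap@corp.example>",
    "2023-03-13T09:05:40Z proxy GET https://www.svb.com/ 200 user=alice",
    "2023-03-13T09:07:02Z proxy GET https://login-svb-portal.example/session 200 user=bob",
    "2023-03-13T09:09:55Z proxy GET https://svb.com.payments-update.example/ 200 user=carol",
    "2023-03-13T09:12:30Z mail from=<billing@vendor.example> to=<ap@corp.example>",
]

if __name__ == "__main__":
    for host, s in scan(SAMPLE_LOG):
        print(f"score={s} {host}")
```

Substring matching on a three-letter token will also hit unrelated names, so treat a score of 1 as a triage hint and a score of 2 as the stronger signal.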

Phishing

These domains can also be used to send out phishing emails that impersonate the bank and ask victims to click on links, download a file, or provide sensitive personal information and account details. With spoofers and generative tools able to craft messages in perfect grammar, it’s no longer as easy to spot and identify phishing emails. As a security expert, consider giving your organisation a refresher on the other telltale signs of a phishing attack, such as:

  1. Urging victims to take immediate action
  2. Generic greeting
  3. Fear-inducing subject headers
  4. Requests to “enable macros”
  5. Suspicious attachments in email

Social Engineering

We should also expect a rise in social engineering attempts. As SVB account holders move their finances and operations to other banks, they will notify customers of their new account details. In today’s supply chain landscape, where companies work with a large number of suppliers, finance departments will be bombarded with account change requests.

Managing this increased volume of requests makes it more likely that a malicious bank change request is accidentally approved. Coupled with internal information that threat actors could have obtained through a phishing attack, these malicious requests will become harder to tell apart from legitimate ones.

What can you do?

As the cybersecurity expert in your organisation, you can help educate or refresh your coworkers on best practices such as:

  1. Ignoring any emails from unusual domains, and triple-checking any requests from alleged SVB banking customers to change bank account details for payments.
  2. Getting information only from official sources, in this case the U.S. Government and the FDIC.
  3. Avoiding file downloads from unknown websites.

On your end, it’s probably business as usual, but with extra care towards:

  1. Watching for any file exfiltration or suspicious activity from entities that may be compromised.
  2. Monitoring your network for any malicious activity and stopping it before it can cause any harm.
  3. Ensuring that endpoints are well secured and protected.

Given the recent publicity surrounding the collapse of SVB, affected firms are going to become targets for threat actors who may use these phishing attacks. Affected organizations need to be vigilant and take preventative action to protect their sensitive data from potential cyber threats.

The post Cybersecurity Circular: Threat Vectors Arising from #SVBCollapse appeared first on LogRhythm.

*** This is a Security Bloggers Network syndicated blog from LogRhythm authored by Nicholas Tan. Read the original post at: https://logrhythm.com/blog/cybersecurity-circular-threat-vectors-arising-from-svbcollapse/
