
Cybercriminals Exploit SVB's Downfall for Phishing

The downfall of Silicon Valley Bank (SVB) on March 10, 2023, has caused instability all across the global financial system, but for hackers, scammers, and phishing schemes, it's evolving into a huge opportunity.

Security experts have already observed a variety of schemes that take advantage of the situation, which has severely hurt tech companies. Proofpoint researchers reported on Twitter that they have observed scammers sending fraudulent emails pertaining to a cryptocurrency company impacted by the failure of SVB.

On March 12, a considerable number of domain names containing the name SVB were registered. Threat actors are preparing for business email compromise (BEC) attacks by registering suspicious domains, creating phishing pages, and more. These operations seek to defraud targets by stealing money or account information, or by delivering malware.
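For defenders, the registrations described above can be screened for in a newly-registered-domain feed. The following is an added example, not part of the original post; the feed entries, the allow-list and the digit-swap table are constructed assumptions, and hits are candidates for review rather than verdicts.

```python
import re

# Brand strings to look for; "SVB" is the name the article says was registered.
BRAND_TOKENS = ("svb", "siliconvalleybank")
KNOWN_GOOD = {"svb.com"}          # assumption: your own allow-list of real domains
REGISTERED_SINCE = "2023-03-10"   # date of the collapse, per the article
# Digit-for-letter swaps commonly used in lookalike names
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "8": "b"})

# Constructed feed of (domain, registration date); not real observations
FEED = [
    ("svb-kyc-verify.example", "2023-03-12"),
    ("5v8-refunds.example", "2023-03-12"),
    ("silicon-valley-bank-claims.example", "2023-03-13"),
    ("svb.com", "2023-03-12"),
    ("svb-alumni.example", "2019-06-01"),
    ("harvest-bakery.example", "2023-03-12"),
]


def normalize(domain):
    """Lower-case, drop the last label (TLD), undo digit swaps, strip separators."""
    labels = domain.lower().rstrip(".").split(".")
    body = "".join(labels[:-1]) if len(labels) > 1 else labels[0]
    return re.sub(r"[^a-z]", "", body.translate(SWAPS))


def screen(feed):
    """Return (domain, registered, matched token) for recent lookalike registrations."""
    hits = []
    for domain, registered in feed:
        if domain.lower() in KNOWN_GOOD or registered < REGISTERED_SINCE:
            continue  # allow-listed, or registered before the event
        norm = normalize(domain)
        token = next((t for t in BRAND_TOKENS if t in norm), None)
        if token:
            hits.append((domain, registered, token))
    return hits


if __name__ == "__main__":
    for hit in screen(FEED):
        print(hit)
```

A three-letter token such as "svb" will also match unrelated names, so the output is best fed into a review queue or mail-filter watchlist.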

According to Proofpoint, a campaign was found using lures related to USDC, a digital stablecoin linked to the USD that was impacted by the SVB collapse. Fraudulent cryptocurrency businesses were defamed in messages sent through malicious SendGrid accounts that pointed users to URLs where they could claim their cryptocurrency.

According to Cloudflare, a substantial KYC phishing campaign using SVB branding and a DocuSign-themed template was found. Within hours of the campaign's inception, 79 instances of it were discovered. An attack was also aimed at the company's CEO; it included HTML code with an initial link that redirected four times before reaching an attacker-controlled website.

The HTML file used in the attack directs the user to a WordPress instance capable of performing the recursive redirection. However, it is unclear whether this specific WordPress installation was hijacked or whether a plugin was set up to enable the redirect.







SVB Collapse: An Attacker's Paradise You Should Beware Of


The Silicon Valley Bank was recently closed down by the California Department of Financial Protection and Innovation. This was apparently the result of a bank run that followed the risk of insolvency and a stock crash.

The Federal Deposit Insurance Corporation, which has been designated as the receiver, has established the Deposit Insurance National Bank, through which customers of SVB will be able to access the insured portion of their deposits.

Naturally, this problem is receiving a lot of attention. However, that attention is primarily on the finances, namely what brought SVB to this point and what the current risk is to deposit owners.

The Cyber Fraud Potential of the SVB Collapse 

Most effective cyberattacks rely, at least in part, on social engineering, deception, and fraud to take advantage of humans. According to IBM's Cost of Data Breach Study 2022, the initial attack vector is compromised credentials in around a third of cases. These credentials are typically acquired through phishing or other fraudulent activity. Business email compromise (BEC), on the other hand, is the second most lucrative attack method for organized cyber criminals.

These attacks are most often fueled by chaos and confusion. Cybercriminals are well-organized and have a reputation for seizing openings. They now have a fantastic opportunity to target both current and past SVB customers in addition to ex-SVB account holders. Customers of SVB are now easy targets for fraud and phishing campaigns.

The fact that founders, CEOs, CFOs, and finance teams are currently dealing with uncertainty and a lack of information only serves to fuel the fire of attackers. When this happens, people tend to let their guard down and are more susceptible to being scammed by an email that contains any news (and preferably good news). Attacks like these can occur via email and other platforms catering to the founders and financial communities, such as forums and groups on Signal, Telegram, and WhatsApp. Everything becomes a potential point of assault. 

This type of social engineering, or other more conventional methods of gaining access, is merely a prelude to the primary effort we anticipate seeing: a sizable BEC campaign that takes advantage of the astronomical amount of account modifications already in progress. 

SVB account holders will provide their clients with their new account information for future wires when they shift their finances and activities to other banks over the coming weeks. Additionally, given the number of suppliers that businesses use in today's supply chains, finance departments will be inundated with demands to change these accounts. 

How can you Protect Yourself from SVB Related Attacks? 

Phishing campaigns, BEC, and similar attacks are all forms of fraud. They involve some kind of impersonation (most likely through a website, email, text message, Slack, or other messaging technologies), which entices victims to take action. Here are some ways to protect yourself from SVB-related attacks:

  • Your awareness is your first line of protection against these assaults. Potential victims will remain more vigilant and be less likely to fall for such schemes if they are aware of the warning indicators to look for in these attacks. 
  • It is highly advised to mandate refresher phishing and BEC training for those who work directly for your business, including the founders, C-level executives, finance departments, customer success reps, etc. 
  • Ensure that your payment modification processes are reliable, and if necessary, add an additional layer of manual verification or signature—at least for the ensuing 30 to 60 days. It's crucial to ensure that no vendor you work with can update a bank account without making a real phone call and engaging in one-on-one communication. 

Moreover, it would be highly beneficial to set up additional monitoring of both account activity (phishing) and financial activity (BEC). In terms of phishing, be sure to raise the level of awareness of any prospective phishing attacks within your SOC. Pay close attention to failed multifactor authentication (MFA), unsuccessful login attempts, etc. Executive accounts and finance departments should be given extra attention because they are the most likely targets for these attacks.
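
One way a SOC could implement the monitoring described above is shown below. This is an added example, not part of the original post: it counts failed MFA and login events per account in a sliding window and applies a lower alert threshold to executive and finance accounts. The account names, event type names, window and thresholds are assumptions, and the events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)
THRESHOLD = {"priority": 3, "standard": 8}   # assumed values; tune to your baseline
# Hypothetical executive and finance accounts that get the lower threshold
PRIORITY = {"ceo@corp.example", "cfo@corp.example", "ap@corp.example"}
FAILURES = {"mfa_failed", "login_failed"}

# Constructed sample events: (ISO timestamp, account, event type)
EVENTS = [
    ("2023-03-13T09:00:00", "cfo@corp.example", "login_failed"),
    ("2023-03-13T09:00:00", "ceo@corp.example", "mfa_failed"),
    ("2023-03-13T09:01:00", "dev@corp.example", "login_failed"),
    ("2023-03-13T09:02:00", "dev@corp.example", "login_failed"),
    ("2023-03-13T09:03:00", "dev@corp.example", "mfa_failed"),
    ("2023-03-13T09:04:00", "cfo@corp.example", "mfa_failed"),
    ("2023-03-13T09:05:00", "dev@corp.example", "login_failed"),
    ("2023-03-13T09:09:00", "cfo@corp.example", "mfa_failed"),
    ("2023-03-13T09:20:00", "ceo@corp.example", "mfa_failed"),
    ("2023-03-13T09:40:00", "ceo@corp.example", "mfa_failed"),
    ("2023-03-13T09:41:00", "ceo@corp.example", "login_ok"),
]


def detect(events):
    """Alert once per account when failures inside WINDOW reach its tier threshold."""
    recent = defaultdict(deque)   # account -> failure times still inside the window
    alerted, alerts = set(), []
    for ts, account, kind in sorted(events):
        if kind not in FAILURES:
            continue
        now = datetime.fromisoformat(ts)
        window = recent[account]
        window.append(now)
        while now - window[0] > WINDOW:   # drop failures older than the window
            window.popleft()
        tier = "priority" if account in PRIORITY else "standard"
        if len(window) >= THRESHOLD[tier] and account not in alerted:
            alerted.add(account)
            alerts.append((account, tier, len(window), ts))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```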