Cybersecurity experts caution that scammers are profiting from the turmoil caused by the collapse of Silicon Valley Bank.
The Silicon Valley Bank collapse has officially been ranked as the biggest U.S. bank failure since 2008. Before becoming notorious for its chaotic demise, Silicon Valley Bank was not a household name. Many of its clients were venture capital firms, startups, and rich high-tech workers. After decades of competing with big-name financial institutions, the bank fell in a matter of days.
Hackers Diving In
As seen during past crises, threat actors are already registering impersonation domains, building phishing landing pages and luring victims to them, and planning business email compromise (BEC) attacks.
These operations seek to defraud targets by stealing money or account information, or by delivering malware.
Many phishing emails were observed to target victims with assets in Circle. After the closing of SVB, Circle notified the public that it had cash reserves in SVB. Scammers exploited the vulnerable situation by sending emails spoofing Circle and telling victims they could redeem the cryptocurrency. The malicious emails contain links that lead to a website where the contents of a victim’s cryptocurrency wallet can ultimately be stolen.
Beware of Third-Party Attacks
JupiterOne Chief Information Security Officer Sounil Yu explained that attackers will likely pose as reputable third-party vendors to convince victims to change their banking accounts over to an attacker-controlled financial institution.
“Given SVB’s breadth of exposure across the startup ecosystem, we should expect to see many finance teams receiving an unusually high number of updates about new banking relationships and wire instructions,” Yu predicted. “Attackers are likely to indiscriminately impersonate vendors regardless of whether the vendor previously banked with SVB or not. As such, finance teams will need to be extra diligent to confirm that the updated details of any of their vendors are indeed correct.”
The day after SVB’s collapse, a large number of domains with the initials “SVB” were registered on the web. A majority of them will likely be leveraged for malicious purposes.
If you were an SVB account holder, be sure to follow the official instructions of the U.S. government and the FDIC. Practice increased vigilance in regard to unknown email senders, and assume that any SVB-related emails (even from familiar senders) with requests for any information are suspicious.
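As an added illustration of the vendor-impersonation and SVB-themed domain warnings above (this is not code from the article or from anyone quoted in it), a finance or security team could triage inbound mail along these lines before acting on any banking update. The vendor domains, sample messages, keyword list, and 0.85 similarity threshold are all assumptions constructed for the example.

```python
import re
from difflib import SequenceMatcher

# Constructed vendor master record: sender domains finance already trusts.
KNOWN_VENDOR_DOMAINS = {"acme-hosting.example", "northwind-payroll.example"}

BANK_CHANGE = re.compile(
    r"wire instructions|new bank(ing)?|bank(ing)? (details|account|relationship)"
    r"|routing number", re.I)
SVB_TOKEN = re.compile(r"(^|[-.])svb|svb([-.]|$)|siliconvalleybank", re.I)

def sender_domain(address):
    return address.rsplit("@", 1)[-1].strip().lower()

def lookalike_of(domain):
    """Return the known vendor domain this one closely resembles, if any."""
    for known in sorted(KNOWN_VENDOR_DOMAINS):
        if domain != known and SequenceMatcher(None, domain, known).ratio() >= 0.85:
            return known
    return None

def triage(msg):
    """Return the reasons a message needs out-of-band verification."""
    reasons = []
    domain = sender_domain(msg["from"])
    if BANK_CHANGE.search(msg["subject"] + " " + msg["body"]):
        # Flagged even for known senders: a real vendor mailbox can be compromised.
        reasons.append("bank-change request")
        if domain not in KNOWN_VENDOR_DOMAINS:
            reasons.append("sender not on vendor record")
    twin = lookalike_of(domain)
    if twin:
        reasons.append("lookalike of " + twin)
    if SVB_TOKEN.search(domain):
        reasons.append("SVB-themed sender domain")
    return reasons

# Constructed sample messages, not taken from any real campaign.
MESSAGES = [
    {"from": "billing@acme-hosting.example", "subject": "Invoice 1042",
     "body": "Invoice attached, terms unchanged."},
    {"from": "ar@acme-hostlng.example", "subject": "Updated wire instructions",
     "body": "Following the SVB closure, please use our new bank account."},
    {"from": "support@svb-refunds.example", "subject": "Redeem your balance",
     "body": "Confirm your details to redeem."},
    {"from": "billing@northwind-payroll.example", "subject": "Notice",
     "body": "We have a new banking relationship; wire instructions to follow."},
]
```

Any message for which `triage` returns a non-empty list should be confirmed with the vendor through a phone number or contact already on file, never through details supplied in the message itself.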