Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector

Published: 23/11/2024   Category: security




Over the weekend, cybercriminals laid the groundwork for Silicon Valley Bank-related fraud attacks that they're now starting to cash in on. Businesses are the targets and, sometimes, the enablers.



Right now, hackers are developing phishing campaigns that capitalize on the news of Silicon Valley Bank's failure.
SVB was the 16th-largest bank in the United States, known primarily for servicing Silicon Valley startups and technology companies, including such name brands as Buzzfeed, Roblox, Trustpilot, and Roku. A chain reaction beginning with global inflation and ending with a run on deposits saw regulators shut down the bank on Friday.
SVB customers panicked over the weekend, unsure if they would recoup their deposits. And, right on cue, "hackers are exploiting the SVB situation to prey on people's emotions," Ironscales CEO Eyal Benishti says. "They're incorporating SVB-relevant content into their existing, proven tactics that create a sense of urgency when their victims are distracted and less alert."
Indeed, analysts have picked up on a wave of SVB-related attacks this week — phishing and otherwise — with dozens of new threats arising daily. And, unfortunately, perfectly legitimate companies are actually, unwittingly, helping the attackers along.
Oren Koren, CPO and co-founder of Veriti, saw the data start to flow in right away. "Hackers started on March 10 and 11, buying domains that are very close to domains related to SVB," he says. The domains reference payments, or a bailout, or try to mimic legitimate SVB domains — such as, Benishti says, svblogin[.]com and login-svb[.]com. Sometimes, hackers take a less tactful approach — something like wefinancesvbclients[.]com.
Koren observed as the perpetrators, having registered their lookalike domains, created and tested their phishing attack flows. "Before you deploy, you create a phishing process, and then you test it on yourself to verify it works," he explains.
In one case, a malicious actor tipped their hand by clearly testing their infrastructure from Turkey. "That was a mistake, and that's why we know he started there, and then eventually moved to target the US," he notes. In all, Koren has observed attacks from two major groups, in addition to some smaller entities.
As of this writing, Veriti has tracked more than 62 new domains registered for SVB-related attacks, and 200 phishing attacks in all, primarily against targets in the United States (understandable, as most of SVB's clients are US-based companies).
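The lookalike patterns described above (the brand token combined with a login, payment or bailout keyword) can be screened for in a feed of newly registered domains. The following Python is an added example, not code from the article or the analysts it quotes; the keyword list, the `svb.com` allowlist and every sample entry other than the three domains named above are assumptions.

```python
import re

BRAND = "svb"               # brand token to watch for
OFFICIAL = {"svb.com"}      # assumed allowlist of the bank's own domains
LURES = ("login", "pay", "bailout", "client", "finance")  # assumed keywords

def refang(indicator):
    """Turn a defanged indicator such as svblogin[.]com into a plain hostname."""
    return indicator.strip().lower().replace("[.]", ".").rstrip(".")

def is_official(host):
    """True for an allowlisted domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

def classify(indicator):
    """Return (verdict, reasons) for one newly registered domain."""
    host = refang(indicator)
    if is_official(host):
        return "official", []
    # Drop the TLD and separators so 'login-svb' and 'svblogin' compare alike.
    name = re.sub(r"[^a-z0-9]", "", host.rsplit(".", 1)[0])
    if BRAND not in name:
        return "ignore", []
    reasons = ["brand:" + BRAND]
    rest = name.replace(BRAND, " ")   # look for lure words around the brand
    reasons += ["lure:" + w for w in LURES if w in rest]
    # Brand plus a lure keyword is the pattern the article describes.
    return ("high" if len(reasons) > 1 else "review"), reasons

# Constructed sample feed: the first three entries are the domains named in
# the article, the rest are made up to exercise the edge cases.
SAMPLE_FEED = [
    "svblogin[.]com",
    "login-svb[.]com",
    "wefinancesvbclients[.]com",
    "online.svb.com",                  # real brand domain, must not alert
    "svb.com.account-check.example",   # brand domain used only as a prefix
    "example-bakery.net",              # unrelated registration
]

if __name__ == "__main__":
    for entry in SAMPLE_FEED:
        verdict, reasons = classify(entry)
        print(f"{verdict:8} {refang(entry):32} {', '.join(reasons)}")
```

A three-letter brand token will also match unrelated names, so the `review` tier is meant for an analyst to look at rather than for automatic blocking.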
That hackers capitalize on important news stories is nothing new — it's a pattern that repeats itself time and time again. What's interesting and somewhat unique to this case is how the public may be inadvertently helping the offenders achieve their goals.
The analysts who spoke with Dark Reading emphasized the many ways in which the public response to SVB is actually making hackers' jobs easier.
Koren made note of websites like affectedbysvbornot.com and svbmeltdown.fyi, which have been publishing lists of customers affected by SVB, and how badly they were exposed. "It's important from a publication perspective," he admits, "but for attackers, those services allow them to know better whom they should target." Attackers can use specific details from these websites to help legitimize their phishing emails, or scale ransom payments according to how much money they see these companies stowing away in their coffers.
Ryan Kalember, executive vice president of cybersecurity strategy for Proofpoint, points to an even more subtle problem. As SVB customers shift to other banks, they're having to inform clients and vendors about new channels for payments. Those notifications, sometimes, aren't so distinguishable from phishing.
Take the perfectly honest email below — a vendor notifying clients that, due to SVB's failure, payments should be sent to a new bank account. "As a result of that news," it reads, "we are asking that with immediate effect your Company's payments that we previously directed be paid to Silicon Valley Bank, now be paid in accordance with the attached letter from our Finance Department."
"So actually, the email is extremely unhelpful," Kalember explains, because even if it provides the right account details, it looks so much like phishing, from the language right on down to the minor details. "It even looks extremely malicious, because of the .docx.pdf."
Kalember had to deal with this payment problem first hand — not just from a security analyst's perspective — since his own company had limited exposure to SVB. When notifying relevant clients, he advises a more careful approach. "What the email should say is: 'Please call us in a pre-recognized fashion, to an official and indisputably legitimate phone number. And we will discuss kind of where we should go from a payment perspective going forward.'"
To address the broader issue of SVB-related attacks, Benishti highlighted the need for a security-forward culture, and reviewing internal security processes. "Companies should also have robust systems in place," he says, "to detect fake login pages and prevent credential harvesting, which will be a featured play with SVB-related scams."
Koren thinks the solution is even simpler. He gave an example of one organization that's already targeted in an SVB phishing campaign. "They had anti-phishing in their mail security," he points out, alongside robust endpoint and network security solutions. Unfortunately, in this case, their security was not maximized. The phishing email got through. "They have all the technologies necessary to protect from those kinds of attacks, they specifically just hadn't used it, because they were not aware that they have a technology to do anti-phishing."
Most organizations, Koren says, are in a similar position. "So the goal is to maximize what you have, from a security perspective, or use automations and AI just to do that." As SVB-related campaigns continue to rise, companies will certainly need to maximize what security they already have.
