The SVB collapse rocked the financial industry, and it challenges cybersecurity as well. Learn the main cybersecurity risks amid the SVB collapse.
Silicon Valley Bank has been shut down after a bank run that followed an insolvency risk and a stock crash. The Federal Deposit Insurance Corporation (FDIC) has been named the receiver. It has established a deposit insurance national bank through which SVB customers will be able to access the insured part of their deposits.
The SVB collapse grabbed enormous public attention. It’s no wonder, as bank account holders, their suppliers, and customers want to know whom to blame and what to do. Financial experts are studying the issue far and wide, making predictions and giving advice. However, other spheres also face turbulence due to the bank collapse.
Namely, the SVB collapse poses multiple cybersecurity risks. It’s an extraordinary event accompanied by uncertainty, fear, and panic. In such an environment, cybercriminals spring up like mushrooms in the rain. Thousands of SVB account holders, as well as their customers and suppliers, are now desirable targets for cybercriminals, who seize every opportunity to take advantage of this emergency.
In this article, we summarize the main risks organizations are likely to be exposed to, as well as best practices to counter and mitigate them proactively.
Most successful cyberattacks leverage human vulnerability. The SVB shutdown brought stress and uncertainty to the bank’s account holders, their suppliers, and customers. They are totally wrapped up in the hustle and bustle of the collapse and feel extraordinary financial pressure. Such a messy environment fuels social engineering attacks that exploit human weaknesses by spreading fear, panic, and uncertainty.
Financial services are the industry where humans are the weakest cybersecurity link, according to Proofpoint. At the same time, the human element was involved in 82% of breaches in 2022, as the Verizon Data Breach Report estimates. In most of these breaches, hackers used phishing and business email compromise as the initial attack vector.
Former SVB account holders, their suppliers, and customers now make perfect marks for phishing attacks and other scams. Criminals know people under financial pressure may have no time or expertise to scrutinize information before making a decision. Therefore, they use intimidation, playing on emotions and a sense of urgency to achieve their criminal aims.
Beware of this, and take a look at the simple and most “expected” attack scenarios.
Social engineering can come in the form of phishing/vishing/smishing or any other attack technique. So your Signal / Telegram / WhatsApp and other social media groups may serve as possible attack channels.
Over the next few weeks, SVB account holders will be moving their finances and operations to other banks. While doing this, they will notify their customers about their new account details for future wires. Given the density of modern supply chains, you may also be bombarded with similar account change requests from your suppliers. Such an environment will instill a sense of anxiety and urgency in busy recipients, making them less alert to fraud.
The most typical fraud pattern in such a messy environment would be impersonating a legitimate destination for money transfers through business email compromise (BEC). For example, the criminals will impersonate one of your suppliers, claiming that it has moved from SVB to another bank. They would ask their unsuspecting victims to wire payment to this new account. The significantly increased volume of requests and a sense of urgency make it far more likely that a malicious bank change request is approved accidentally.
Beware that adversaries may not only pretend to be SVB account holders and their suppliers. They may also send messages impersonating the Federal Deposit Insurance Corporation (FDIC), the California Department of Financial Protection (CDFP), or other government agencies, containing a reassuring message that your deposits in SVB can be fully returned. (We are not referring to the joint statement of the Treasury Department, Federal Reserve, and the Federal Deposit Insurance Corporation (FDIC) that depositors of SVB would have access to all of their money.) The message claims that, for this to happen, you must urgently log in to your new bank account by following the provided link or opening an attachment. As soon as you follow the link, you will be redirected to an adversary-controlled web page and your credentials will be compromised.
In addition to the above direct risks, adversaries may spread fake news about the alleged collapse risk of additional banks to accelerate the spread of panic and uncertainty. You have probably seen pessimistically written no-name blog posts about the enormous risks following the SVB collapse. You may also see viral messages informing you that the bank you’re currently working with is at risk and urging you to withdraw your deposits before it is too late. We haven’t yet seen any such attacks, but it’s highly likely that they will begin to appear in the next few weeks. So, forewarned is forearmed.
Security awareness is the first layer of defense you have against these attacks. Potential victims who know about these attacks stay alert and are less likely to fall for them. Thus, refreshing phishing and BEC training for you and your employees is a must.
If you’re a vendor, send an email to your customers explaining the process for wire changes, including all the expected verification steps. This can help people differentiate between real and fake communications and increase awareness against potential future attacks.
Make sure that your payment processes are strong. Always check your transaction details to flag a potentially fraudulent transaction and protect your business before fraud occurs. Add a policy that does not allow for the transfer of funds to accounts that have been modified in the last 7 or 14 days. This will give enough time for the vendor or the auditor to notice it before any money has been wired. If needed, add another layer of manual verification or signature. It’s important to ensure there is no way for a bank account to be compromised.
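As an added illustration (not code from the original article), the hold policy described above can be expressed as a pre-release check on outgoing wires. The vendor names, account ids, field names, and the rules that a mismatched destination is rejected and an unverified change needs manual sign-off are assumptions made for this example.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class VendorAccount:
    account_id: str          # constructed placeholder value
    last_modified: date      # date the bank details on file last changed
    verified: bool = False   # change confirmed via a known-good contact

def review_payment(vendor, dest_account, master, today, hold_days=14):
    """Return (decision, reason) for one outgoing wire."""
    rec = master.get(vendor)
    if rec is None:
        return "reject", "vendor not in master file"
    if rec.account_id != dest_account:
        # The request carries bank details that differ from the record on file.
        return "reject", "destination differs from account on file"
    age = (today - rec.last_modified).days
    if age < 0:
        return "hold", "modification date is in the future"
    if age < hold_days:
        release = rec.last_modified + timedelta(days=hold_days)
        return "hold", f"bank details changed {age} day(s) ago; release on {release}"
    if not rec.verified:
        return "hold", "change never verified; needs manual sign-off"
    return "release", "account stable and verified"

# Constructed sample data (hypothetical vendors and account ids).
TODAY = date(2023, 3, 20)
MASTER = {
    "acme-supplies": VendorAccount("ACCT-0001", date(2022, 11, 2), verified=True),
    "globex-parts": VendorAccount("ACCT-0002", date(2023, 3, 14), verified=True),
    "initech-cloud": VendorAccount("ACCT-0003", date(2023, 2, 1)),
}
BATCH = [
    ("acme-supplies", "ACCT-0001"),   # stable, verified
    ("globex-parts", "ACCT-0002"),    # changed 6 days ago
    ("initech-cloud", "ACCT-0003"),   # old change, never verified
    ("acme-supplies", "ACCT-9999"),   # details differ from record
    ("unknown-vendor", "ACCT-0004"),  # not onboarded
]

def review_batch(batch=BATCH, master=MASTER, today=TODAY, hold_days=14):
    """Apply the hold policy to every (vendor, destination) pair."""
    return [(v, a, *review_payment(v, a, master, today, hold_days)) for v, a in batch]

if __name__ == "__main__":
    for row in review_batch():
        print(row)
```

Passing hold_days=7 applies the shorter of the two windows the article mentions.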
Set up additional monitoring of account activity and financial activity. Pay extra attention to failed logins, multifactor authentication (MFA) failures, etc. Find more on access controls in our article Reinforcing the Weakest Security Link with Access Controls. Executive accounts and finance departments deserve special vigilance, as they’re the most likely targets of attackers.
If you are a (former) SVB account holder, make sure that you monitor any account change notifications from your customers and carefully check each one of them.
For additional information on protecting yourself against social engineering amid the SVB turmoil, please read our blog post Protect Yourself Against Social Engineering.
The SVB collapse presents an outstanding opportunity for cybercriminals. So, make sure you, your business, and your customers are not affected. The primary steps to protect against cybercrime amid the SVB collapse are raising awareness, implementing better processes, and undertaking tighter monitoring. These small steps will prevent the SVB crisis from having even wider repercussions on your business.
Beware of cybercrime amid SVB collapse. Feel free to contact the Planet 9 team for help with your security challenges. We’ll be happy to assist!