The collapse of Silicon Valley Bank (SVB) is one of the greatest collapses since the Great Depression, coming years to the day after Bear Stearns’ collapse in 2008. Despite the government stepping in to insure deposits, the fall of SVB will result in a rush of organizations moving to other banking institutions to preserve their assets, even some that did not use SVB. Companies and individuals will look for institutions that deliver the lowest possible risk for their assets.
Cybercriminals will seize this opportunity to conduct a wide range of cyberattacks against organizations, hoping to capitalize on the fear surrounding the collapse of SVB. These attacks will range from phishing to direct impersonation of legitimate banking institutions hoping to get their hands on corporate assets. This article will prepare you for the coming onslaught by reviewing the different attacks utilized by cybercriminals attempting to scam your staff.
Fear is the Mindkiller
It’s not just a quote from an often remade science fiction movie. It’s a fact. Fear is the biggest danger organizations face. Staff at companies using SVB are afraid. Their world is in turmoil because this collapse has interfered with payrolls, invoicing, and vendor payments. Every aspect of businesses has been affected. Frustration is high, and that’s where risk thrives. Even organizations that were not members of SVB are afraid. How can they be sure their bank won’t become the next to fail?
Fear impacts decision-making, altering how people assess risks and amplifying normal risks. Common threats are classified as excessively dangerous, while questionable situations that come with the promise of alleviating fear and frustration are overlooked.
The promise of more stability or a safer environment for handling financial transactions plays on insecurity, making people less suspicious and more susceptible to social engineering attacks such as phishing. For victims of the collapse, any offer of a speedy resolution and transferring funds to a new institution where they are told their assets will remain safe might convince them to hand over sensitive personal information or bank account data that they otherwise would never share.
Phishing and Social Engineering
Phishing attacks are a common form of cybercrime, even when the criminals aren’t capitalizing on an international banking crisis. Expect to be deluged by emails appearing to originate from well-known banking institutions. But take a second look. You’ll notice they are from similar domains with slight misspellings, making them difficult to differentiate from the legitimate domain. Requests will tempt users to log in to cloned sites that look like the bank. This will be done under the guise of verifying their funds are secure. They’ll be asked to provide account details to “ensure” their SVB assets are transferred safely.
Attackers are counting on fear making users less careful, less likely to scrutinize the content of the messages, and less aware of red flags due to desperation and the psychological need to feel their money is secure. Many users will simply follow the directions given. Warning them of the impending bombardment is an excellent first step to help boost awareness. Having an anti-phishing solution augments security and helps reduce the number of phishing emails that make it to the inboxes of anxious users.
Malware Data Theft
With an increase in phishing also comes a plague of malicious code. Cybercriminals love to use documents containing hidden malicious code in conjunction with phishing to escalate the attack. Users rarely suspect documents of being dangerous, even in the best of times.
As users open the files, the embedded code executes, launching attacks including ransomware, rootkits, and applications to steal data. The criminals are looking for account numbers and financial correspondence, which are more likely to be stored on end users’ computers as they work through leaving SVB or moving to more trusted banks.
Many organizations rely on antivirus (AV) or traditional gateway solutions (firewalls, WSG, ESG, etc.) to eliminate these threats, detecting when they launch and stopping them. Cybercriminals know this and constantly evolve their hidden threats, producing hundreds of thousands of new variants daily. Traditional security gateway solutions cannot keep up, necessitating a solution such as Content Disarm and Reconstruction (CDR). With CDR, all content is deconstructed and rebuilt from only known-safe components, eliminating hidden threats, even if they are not currently detectable.
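The rebuild-from-known-safe-components idea described above, as an added example (not Votiro's code and not part of the original article): the document is never scanned for bad content; only allowlisted parts are copied into a fresh archive and the index parts are rewritten to match. The allowlist assumes a text-only .docx, and the input built by `make_sample` is a constructed placeholder.

```python
import io, re, zipfile
import xml.etree.ElementTree as ET

# Assumption: the only part names a text-only .docx needs; nothing else is copied.
SAFE = re.compile(r"\[Content_Types\]\.xml|_rels/\.rels|docProps/(core|app)\.xml|"
                  r"word/(document|styles|settings)\.xml|word/_rels/document\.xml\.rels")
PKG = "http://schemas.openxmlformats.org/package/2006/"

def _prune(xml_bytes, keep):
    """Re-serialize an index part, keeping only child entries that pass keep()."""
    root = ET.fromstring(xml_bytes)
    ET.register_namespace("", root.tag[1:].partition("}")[0])
    for child in list(root):
        if not keep(child):
            root.remove(child)
    return ET.tostring(root)

def rebuild_docx(data):
    """Return (clean_bytes, dropped_part_names) built from allowlisted parts only."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w") as dst:
        kept = [n for n in src.namelist() if SAFE.fullmatch(n)]
        dropped = [n for n in src.namelist() if n not in kept]
        for name in kept:
            body = src.read(name)
            if name.endswith(".rels"):  # drop links to parts that were left behind
                base = name.split("_rels/")[0]
                body = _prune(body, lambda r: base + r.get("Target", "") in kept)
            elif name == "[Content_Types].xml":  # drop type overrides for those parts
                body = _prune(body, lambda e: "PartName" not in e.attrib
                              or e.get("PartName")[1:] in kept)
            dst.writestr(name, body)
    return out.getvalue(), dropped

def make_sample():
    """Constructed input: a tiny document that also carries a macro part."""
    rels = '<Relationships xmlns="' + PKG + 'relationships">%s</Relationships>'
    rel = '<Relationship Id="r%d" Type="urn:constructed" Target="%s"/>'
    parts = {
        "[Content_Types].xml": '<Types xmlns="' + PKG + 'content-types"><Override '
            'PartName="/word/vbaProject.bin" ContentType="application/octet-stream"/></Types>',
        "_rels/.rels": rels % (rel % (1, "word/document.xml")),
        "word/document.xml": "<document>Wire instructions attached.</document>",
        "word/_rels/document.xml.rels": rels % (rel % (1, "vbaProject.bin")),
        "word/vbaProject.bin": b"constructed placeholder, not macro code",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()
```

The macro part is dropped because it is not on the allowlist, not because anything recognized it as malicious, which is why the approach does not depend on a signature existing for a new variant.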
Misinformation is a powerful tool for creating chaos and sowing confusion. In times of crisis, such as a financial or economic downturn, spreading Fear, Uncertainty, and Doubt (FUD) can be a motivator to keep the crisis going and perpetuate the attack cycle. One way to spread FUD is by spreading rumors of more failing banks or institutions, which can lead to panic and a loss of confidence in the financial system. Attackers will look to do this via social media accounts that have been compromised or appear to come from legitimate sources such as news outlets.
The best defense against this type of abuse is awareness. Helping teams understand that there is no need to rush to withdraw funds or invest all of their assets into non-traditional assets such as gold or cryptocurrency is vital for stopping the misinformation. Encourage staff to seek out reliable sources for information and check any rumors they hear against known references.
Cybercriminals may also use social media and advertisements to lure victims into fake sites that mirror legitimate banking institutes. Offering deals too good to be true, such as high-yield interest rates, motivates people to transfer their funds. The attackers can then collect the victims’ account information and steal the value from their accounts or attempt to get them to download malware to execute a long-term data theft attack. These fake banks can be challenging to detect, as their websites can look identical to legitimate ones, and they may even have a complete workflow for creating accounts and requesting funds.
With how accurately many of these sites mirror legitimate entities, awareness is insufficient to protect users. Even checking the information on the lock in the web browser’s address bar is not enough, as cybercriminals can purchase legitimate certificates for domains with misspellings that mirror legitimate sites. Protections like DNS filtering are a good step toward limiting users’ access to risky sites. This should be augmented by solutions to eliminate potential hidden threats, limiting more complex attacks.
Preparing for the Worst
There is no single solution for preparing your organization for a major event such as the collapse of SVB and the cyberattacks that follow. Instead, prepare for cyber events by building a holistic security program, one that includes preventing the threats hidden in files that many cybercriminals rely on.
Votiro is a leader in CDR, helping organizations protect themselves from threats hidden in files. Votiro goes beyond traditional detection-based protections, taking a Zero Trust approach, and sanitizes all files that flow through it. Rather than requiring a unique tech stack with complex configurations and changes to your environment, Votiro delivers protection through APIs. By making minor configuration changes to your existing technology, Votiro can start protecting your environment in as little as 10 minutes for SaaS installations rather than days or weeks of other solutions.
Contact us today to learn more about how Votiro can help your organization create a secure foundation. You can also try Votiro’s file sanitization product for free if you have a potentially malicious file from one of these attacks.