Use Caution: Security Risks and Mitigation Practices Following the Collapse of SVB
March 13th, 2023 Yaron Kassner
The collapse of Silicon Valley Bank bears direct implications on adversaries’ activity. As always, uncertainty and panic are threat actors’ closest allies, and we’re already hearing reports on a distinct surge in fraud attacks that attempt to leverage the confusion and concerns to lure users into fraudulent transfers as well a credential disclosure. In this article we summarize the main risks organizations are likely to be exposed to, as well as best practices to proactively encounter and mitigate them (such as enabling MFA on banking systems).
Table Of Contents
Risk #1: Fraudulent Transfers
Sample Scenario
The most typical pattern would be impersonating as a legitimate destination for money transfer. For example, the adversary will impersonate one of your suppliers, claiming that it has moved from SVB to another bank, urgently asking you to wire payment to this new account. The unsuspecting victim wires the payment to the attacker’s bank account.
Mitigation Steps
Remind your workforce to avoid performing transactions to accounts whose details they received via email. Any change in existing wiring destinations must be explicitly verified rather than immediately trusted. This verification should be reaching out to the actual person the email presumes to come from and validating that they really sent the request and not an impersonating adversary. As a supplier, proactively inform your customers what the reliable processes are to inform on any changes in your bank accounts.
Risk #2: Phishing for Bank Account Credential
Sample Scenario
Adversary sends an email, impersonating as FDIC, SVB, or another government agency containing a reassuring message that your deposits in SVB can be fully returned. However, for this to happen you should urgently login to your new bank account in a provided link. This link, needless to say, leads to an adversary-controlled web page, and your credentials are now compromised.
Mitigation Steps
Remind your workforce to increase their vigilance to emails that request credentials insertion, or even better – ban any form of providing credentials to links incorporated in email messages. It’s also recommended to expand this policy to any sort of inbound communication, including phone calls and text messages. Specifically for the scenario described above, don’t take any independent action, but rather follow official online sources for instructions for receiving your money back.
Risk #3: Spreading Panic
Sample Scenario
In addition to the above direct risks, adversaries may also attempt to leverage the existing, tense atmosphere to accelerate panic and uncertainty by spreading fake news on alleged collapse risk of additional banks. You may see viral messages informing you that the banks you’re working with are at risk, urging you to withdraw your deposits before it becomes too late.
Mitigation Steps
Only trust official communication channels from your banks and avoid forwarding unvalidated messages.
Complement Workforce Security Education with Hardening your Email Security
Your business email is the primary attack vector adversaries employ to deliver fraud attacks. While employee education is paramount, it must have a security technology counterpart, making the prevention of business email compromise a crucial task. To prevent threat actors from compromising user accounts and sending messages on their behalf, you should enforce the following:
- Enforce MFA verification on any access to employee’s email address.
- Disable legacy email protocols that are more susceptible to compromise.
- Block access to email from risky locations
Conclusion
While remaining secure in times of crisis is challenging, it’s a task within your reach. The calmer you stay, and the more this calmness is implemented in the day-to-day security practices of your employees, the more resilient your environment will be to the building up wave of fraud attacks.
