In the wake of the Silicon Valley Bank’s collapse, cybersecurity companies have been keeping an eye on cyber threats to businesses and consumers. One such firm, ReliaQuest, has just released an assessment on some scenarios we might see.
The Silicon Valley Bank (SVB) was the sixteenth largest in the United States but collapsed after investors triggered a liquidity run. This left its customers – mostly from the technology, private equity, venture capital, and life-science sectors – in limbo.
The US government and the banking industry advise calm, but uncertainty over the financial services sector remains high. This is not the only important thing, though, ReliaQuest notes in a new report – cybercriminals might try to exploit the turmoil and hurt businesses and individual customers.
The firm says it has been tracking a surge of newly registered domains referencing SVB. These impersonate legitimate services from the failed bank such as customer support, and include examples of typo-squatting.
Typo-squatting occurs when a small grammatical mistake is inserted into a URL to trick people into thinking a fake or spoof domain name is genuine – for instance, it’s hard to spot the difference between the upper-case “I” (eye) and lower-case “l” (ell).
“Newly registered domains referencing SVB have risen sharply,” said ReliaQuest, adding that between March 6 and 12 it had observed 95 new domains “likely impersonating SVB, none of which are registered to registrars previously used by SVB.”
It said this was an elevenfold increase when compared to the rolling average “of potential impersonating domains over the past three months.”
Keep your eyes peeled
Some of the domains aren’t yet hosting content, so ReliaQuest analysts presume they could be placeholders for future threats such as phishing attacks. With time, the legitimacy of phishing emails increases – as does the possibility that a potential victim will click on malicious links.
However, cybercriminals have already begun exploiting SVB’s collapse. Phishing scams impersonating the bank have been observed targeting cryptocurrency users. Attacks impersonating financial services companies, promising a payout because of the collapse, have also been spotted.
Another US cybersecurity firm, Cyble, said earlier this week that several cryptocurrency scams have emerged. For example, phishing sites have set up a bogus USDC (digital dollar) reward program claiming that “Silicon Valley Bank is actively distributing USDC as part of the SVB USDC payback program to eligible USDC holders.”
These criminals seek to steal cryptocurrency from the victim’s account by offering free USDC, inviting targeted users to scan a bogus QR code using any cryptocurrency wallet.
Crooks are likely to encourage victims to click on phishing emails, open malicious attachments, or enter credentials into a spoofed website, says ReliaQuest, adding that phishing attacks and fraud attempts exploiting SVB’s collapse will be “almost a given” in the next few weeks.
Finally, businesses hit with financial uncertainty may have to make difficult decisions to restructure in the coming months – layoffs in the technology sector have been increasing lately anyway.
“In the event of layoffs, shrinking security teams and internal disruption are likely to leave systems vulnerable to threat actors,” ReliaQuest said.
“Delays to implementing critical patches are likely, and overburdened employees are more likely to make mistakes or be negligent, failing to follow security best practices. Strong security cultures in businesses will help mitigate this threat.”
More from Cybernews:
Subscribe to our newsletter