
Addressing Cybersecurity Threats Associated with the SVB Closure

The Silicon Valley Bank (SVB) closure has created opportunities for threat actors to launch more convincing email attacks. Here's how to lower your risk.
March 15, 2023

We’ve seen it time and time again: threat actors love to capitalize on the disruption created by major unexpected events to launch attacks that exploit uncertainty and confusion.

The Silicon Valley Bank (SVB) closure is no exception.

With the sudden shuttering of SVB—the largest bank to fail since the 2007-2008 financial crisis—cybercriminals have been out in full force. And, unfortunately, they have copious angles of attack at their disposal. However, being aware of what kinds of tactics to look out for and having plans in place to verify the authenticity of any email correspondence related to SVB can help minimize your risk considerably.

Read on to learn a few ways threat actors are likely to take advantage of the SVB closure and how you can protect your organization.

Why the SVB Closure Increases Cybersecurity Risks

The SVB closure represents a near-perfect opportunity for threat actors to engage in business email compromise, credential phishing, invoice and payment fraud, and supply chain compromise.

Businesses that had been customers of SVB now have a laundry list of finance-related issues they have to resolve—and quickly. And even if an organization had no direct ties to SVB itself, it may work with vendors who were SVB account holders that now need to update their billing and payment information.

In short, there are dozens (if not hundreds) of legitimate requests and announcements that each of SVB’s 40,000 former customers will need to communicate via email in the coming weeks. And this means attackers have ample chances to slide into the incoming flood of emails undetected.

Examples of SVB-Related Cyberattacks and Fraud

The most common attack Abnormal has already observed involves actors impersonating vendors, suppliers, or partners requesting to update their bank account details from SVB to a new bank.

Example of recent payment fraud attack capitalizing on SVB closure observed by Abnormal

Here are some examples of other internal and external impersonation attacks to look out for:

  • Emails purportedly from the CFO, an HR team member, or an accounting specialist informing employees they need to register an online account with the company’s new bank

  • Threat actors impersonating the CFO or other high-level executives requesting that the accounts receivable department update the company’s wiring instructions

  • Attackers claiming to be either an executive at the target organization or a representative from SVB sending instructions for transitioning to a new bank

  • Emails allegedly from officials from the FDIC informing targets that assistance with covering payroll is available and inviting recipients to click on a link to accept

  • Attackers posing as third-party vendors targeting former SVB account holders claiming invoices due in early March weren’t paid

While this list is certainly not exhaustive, it illustrates just how many different ways threat actors can exploit the SVB closure to compromise employee accounts, reroute payments, and/or gain access to your internal network.

One effective way to reduce your exposure to these threats is to invest in technology that blocks advanced email attacks before they can even be delivered.

Proactively Blocking Malicious Emails with Behavioral AI

Modern threat actors have evolved their tactics, crafting sophisticated emails that not only bypass traditional security tools but also appear completely legitimate to the average employee. With alarming frequency, employees are being duped by these surprisingly convincing malicious emails. In fact, in our H1 2023 Threat Report, we found that the median open rate for text-based business email compromise attacks was nearly 28%.

Abnormal is uniquely positioned to solve this problem.

Our technology takes a fundamentally different approach from traditional email security solutions, with advanced detection and remediation capabilities to discover and block financially-motivated malicious emails. Using an API-based architecture, Abnormal ingests thousands of signals about your employees and their day-to-day activities to build a baseline of known-good behavior of every user across your organization and supply chain.

Additionally, our AI/ML-based detection engine automatically learns the relationships and communication patterns between your employees and vendors—including message frequency, tone, and content as well as past bank accounts used and more. Further, because Abnormal’s VendorBase™ federates insights about vendors across our entire customer base, once a vendor has been flagged for one customer, the platform can block emails from that same vendor for all other customers.

Finally, Abnormal uses advanced AI techniques such as natural language processing, natural language understanding, and image processing to precisely detect and automatically remove malicious emails exhibiting anomalous behavior to prevent end-user engagement.

Additional Steps to Reduce Your Vulnerabilities

For the foreseeable future, companies across the globe will be navigating the increased cybersecurity risks associated with the SVB closure. On top of adopting an intelligent email security solution, consider implementing the following safeguards:

  • Conduct refresher security awareness training for all executives and front-line employees, with a particular focus on the kinds of attacks listed above.

  • Encourage employees to report any suspicious emails to the security team and not simply delete any messages they believe are fraudulent.

  • Verify by phone any emailed request to update bank account details or offer of assistance, using a publicly available number—not the contact number provided in the email.

  • Even if an email has the expected sender email address (i.e., it contains no misspellings or character substitutions), still manually verify all finance-related requests as the account may have been compromised.

  • If the first fund transfer to a new account involves a large sum of money, transfer a small amount first, call to confirm the transaction was successful, and then transfer the remaining funds.

Keeping Your Organization Safe from Sophisticated Email Attacks

Cybercriminals will always capitalize on any opportunity to make their attacks more believable. Therefore, understanding your organization's specific vulnerabilities and maintaining a proactive approach to cybersecurity is key to protecting your workforce from the full spectrum of email attacks.
