chat
expand_more

Addressing Cybersecurity Threats Associated with the SVB Closure

The Silicon Valley Bank (SVB) closure has created opportunities for threat actors to launch more convincing email attacks. Here's how to lower your risk.
March 15, 2023

We’ve seen it time and time again: threat actors love to capitalize on the disruption created by major unexpected events to launch attacks that exploit uncertainty and confusion.

The Silicon Valley Bank (SVB) closure is no exception.

With the sudden shuttering of SVB—the largest bank to fail since the 2007-2008 financial crisis—cybercriminals have been out in full force. And, unfortunately, they have copious angles of attack at their disposal. However, being aware of what kinds of tactics to look out for and having plans in place to verify the authenticity of any email correspondence related to SVB can help minimize your risk considerably.

Read on to learn a few ways threat actors are likely to take advantage of the SVB closure and how you can protect your organization.

Why the SVB Closure Increases Cybersecurity Risks

The SVB closure represents a near-perfect opportunity for threat actors to engage in business email compromise, credential phishing, invoice and payment fraud, and supply chain compromise.

Businesses that had been customers of SVB now have a laundry list of finance-related issues they have to resolve—and quickly. And even if an organization had no direct ties to SVB itself, it may work with vendors who were SVB account holders that now need to update their billing and payment information.

In short, there are dozens (if not hundreds) of legitimate requests and announcements that each of SVB’s 40,000 former customers will need to communicate via email in the coming weeks. And this means attackers have ample chances to slide into the incoming flood of emails undetected.

Examples of SVB-Related Cyberattacks and Fraud

The most common attack Abnormal has already observed involves actors impersonating vendors, suppliers, or partners requesting to update their bank account details from SVB to a new bank.

SVB Email Example E

Example of recent payment fraud attack capitalizing on SVB closure observed by Abnormal

Here are some examples of other internal and external impersonation attacks to look out for:

  • Emails purportedly from the CFO, an HR team member, or an accounting specialist informing employees they need to register an online account with the company’s new bank

  • Threat actors impersonating the CFO or other high-level executives requesting that the accounts receivable department update the company’s wiring instructions

  • Attackers claiming to be either an executive at the target organization or a representative from SVB sending instructions for transitioning to a new bank

  • Emails allegedly from officials from the FDIC informing targets that assistance with covering payroll is available and inviting recipients to click on a link to accept

  • Attackers posing as third-party vendors targeting former SVB account holders claiming invoices due in early March weren’t paid

While this list is certainly not exhaustive, it illustrates just how many different ways threat actors can exploit the SVB closure to compromise employee accounts, reroute payments, and/or gain access to your internal network.

One effective way to reduce your exposure to these threats is to invest in technology that blocks advanced email attacks before they can even be delivered.

Proactively Blocking Malicious Emails with Behavioral AI

Modern threat actors have evolved their tactics, crafting sophisticated emails that not only bypass traditional security tools but also appear completely legitimate to the average employee. With alarming frequency, employees are being duped by these surprisingly convincing malicious emails. In fact, in our H1 2023 Threat Report, we found that the median open rate for text-based business email compromise attacks was nearly 28%.

Abnormal is uniquely positioned to solve this problem.

Our technology takes a fundamentally different approach from traditional email security solutions, with advanced detection and remediation capabilities to discover and block financially-motivated malicious emails. Using an API-based architecture, Abnormal ingests thousands of signals about your employees and their day-to-day activities to build a baseline of known-good behavior of every user across your organization and supply chain.

Additionally, our AI/ML-based detection engine automatically learns the relationships and communication patterns between your employees and vendors—including message frequency, tone, and content as well as past bank accounts used and more. Further, because Abnormal’s VendorBase™ federates insights about vendors across our entire customer base, once a vendor has been flagged for one customer, the platform can block emails from that same vendor for all other customers.

Finally, Abnormal uses advanced AI techniques such as natural language processing, natural language understanding, and image processing to precisely detect and automatically remove malicious emails exhibiting anomalous behavior to prevent end-user engagement.

Reduce your financial risk today! - See a Demo

Additional Steps to Reduce Your Vulnerabilities

For the foreseeable future, companies across the globe will be navigating the increased cybersecurity risks associated with the SVB closure. On top of adopting an intelligent email security solution, consider implementing the following safeguards:

  • Conduct refresher security awareness training for all executives and front-line employees, with a particular focus on the kinds of attacks listed above.

  • Encourage employees to report any suspicious emails to the security team and not simply delete any messages they believe are fraudulent.

  • Call to verify any requests to update bank account details or offers of assistance sent via email using a publically available number—not the contact number provided in the email.

  • Even if an email has the expected sender email address (i.e., it contains no misspellings or character substitutions), still manually verify all finance-related requests as the account may have been compromised.

  • If the first fund transfer to a new account involves a large sum of money, transfer a small amount first, call to confirm the transaction was successful, and then transfer the remaining funds.

Keeping Your Organization Safe from Sophisticated Email Attacks

Cybercriminals will always capitalize on any opportunity to make their attacks more believable. Therefore, understanding your organization's specific vulnerabilities and maintaining a proactive approach to cybersecurity is key to protecting your workforce from the full spectrum of email attacks.

Reduce Your Financial Risk Today! - See a Demo
Addressing Cybersecurity Threats Associated with the SVB Closure

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
Request a Demo

Related Posts

B Proofpoint Customer Story F500 Insurance Provider
A Fortune 500 insurance provider blocked 6,454 missed attacks and saved 341 SOC hours per month by adding Abnormal to address gaps left by Proofpoint.
Read More
B Malicious AI Platforms Blog
What happened to WormGPT? Discover how AI tools like WormGPT changed cybercrime, why they vanished, and what cybercriminals are using now.
Read More
B MKT748 Open Graph Images for Cyber Savvy 7
Explore insights from Brian Markham, CISO at EAB, as he discusses cybersecurity challenges, building trust in education, adapting to AI threats, and his goals for the future. Learn how he and his team are working to make education smarter while prioritizing data security.
Read More
B Manufacturing Industry Attack Trends Blog
New data shows a surge in advanced email attacks on manufacturing organizations. Explore our research on this alarming trend.
Read More
B Dropbox Open Enrollment Attack Blog
Discover how Dropbox was exploited in a sophisticated phishing attack that leveraged AiTM tactics to steal credentials during the open enrollment period.
Read More
B AISOC
Discover how AI is transforming security operation centers by reducing noise, enhancing clarity, and empowering analysts with enriched data for faster threat detection and response.
Read More