The recent fall of the Silicon Valley Bank on March 10 this year resulted in waves of turbulence across the international financial system. However, for threat operators, this major collapse has opened a new window of opportunity.
As reported by numerous cybersecurity researchers, many hackers and scammers have already begun registering suspicious domains and preparing phishing web pages to unleash a torrent of business email compromise (BEC) attacks.
BEC attacks are cybercriminal campaigns that typically aim to steal money or account data and infect their targets with malicious software.
The collapse of Silicon Valley Bank
A commercial bank based in the United States, Silicon Valley Bank was also the 16th largest bank in the country, and in terms of deposits, the largest bank in California’s Silicon Valley.
On March 10, the bank failed after it experienced a run on its deposits. This collapse was the largest failure of any bank since the financial crisis of 2007-2008, as well as the second largest in the history of the United States.
The recent incident has affected many enterprises and individuals in the life science, technology, healthcare, venture capital, premium wine and private equity sectors who were Silicon Valley Bank customers.
The current situation is worsened further by the prevailing issues of uncertainty and urgency, not to mention the significant sums of money deposited at the financial institution.
Threat operators take advantage of the opportunity
Security researchers recently noted that threat operators are already jumping at the chance to use the bank’s downfall as a framework for their attacks. They noted activity involving hackers registering domains directly related to Silicon Valley Bank that are most likely designed for use in attacks.
Researchers warned that the fraudsters might try to contact former clients of the California bank to offer support packages, loans, legal services, and other fake banking services relating to the recent collapse.
One attack already identified in the wild is run by BEC operators, who are masquerading as Silicon Valley Bank customers and telling legitimate customers they must make payments to a brand-new bank account following the collapse.
These accounts, however, belong to the malicious operators, who steal payments that were meant to be sent to the genuine company.
Many of the websites were registered on the exact day when the bank collapsed and are already running cryptocurrency scams. These pages tell customers of the bank that it is now distributing USDC crypto as part of a dedicated “payback” programme.
However, when targets click on the web page’s claim button, a QR code appears which, when scanned, attempts to compromise Exodus, Trust Wallet and MetaMask cryptocurrency wallets.
All former customers of the US bank are advised to remain calm and to only follow official communication channels with guidance from the FDIC and the United States government.
Any emails that originate from unusual domains should be ignored, and requests for changes of banking or payment details should be double-checked via phone rather than email.
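One way a mail team could turn this advice into a triage check, as an added example that is not part of the original article: it holds messages whose sender domain imitates the bank's name, was registered on or after the collapse date, or whose text asks for a change of payment details. The brand tokens, the allowlist, the phrase pattern and the sample messages are assumptions constructed for illustration, and the registration date is assumed to come from a separate WHOIS/RDAP lookup.

```python
import re
from datetime import date

# Assumptions for this example (not from the article): the brand tokens,
# the allowlist and the phrase pattern are illustrative and need tuning.
COLLAPSE_DATE = date(2023, 3, 10)
BRAND_TOKENS = ("svb", "siliconvalleybank")
TRUSTED_DOMAINS = {"svb.com", "fdic.gov"}
PAYMENT_CHANGE = re.compile(
    r"\b(new|updated|changed)\s+(bank(ing)?|payment|wire)\s+"
    r"(account|details|instructions)\b", re.I)
# Fold common digit-for-letter swaps and hyphens before brand matching.
FOLD = str.maketrans({"0": "o", "1": "l", "5": "s", "-": ""})

def sender_domain(address):
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")

def is_trusted(domain):
    # Exact match or true subdomain only, so "notsvb.com" is not trusted.
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)

def triage(msg):
    """Return the reasons a message should be held for manual review."""
    reasons = []
    domain = sender_domain(msg["sender"])
    if not is_trusted(domain):
        if any(tok in domain.translate(FOLD) for tok in BRAND_TOKENS):
            reasons.append("brand-lookalike sender domain")
        registered = msg.get("domain_registered")  # from a WHOIS/RDAP lookup
        if registered and registered >= COLLAPSE_DATE:
            reasons.append("domain registered on or after collapse date")
    if PAYMENT_CHANGE.search(msg["subject"] + "\n" + msg["body"]):
        reasons.append("payment-detail change: confirm by phone")
    return reasons

SAMPLES = [  # constructed messages, not real traffic
    {"sender": "support@5vb-payback.example", "domain_registered": date(2023, 3, 10),
     "subject": "Claim your USDC payback", "body": "Click the claim button."},
    {"sender": "ar@known-vendor.example", "domain_registered": date(2015, 6, 1),
     "subject": "Invoice 1042", "body": "Please use our new bank account for payment."},
    {"sender": "notices@fdic.gov", "domain_registered": None,
     "subject": "Information for depositors", "body": "See the official site."},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m["sender"], "->", triage(m) or "deliver")
```

A payment-change request is held even when it comes from an established vendor domain, since that is the case the phone call-back is meant to catch.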