Lately, the Silicon Valley Bank has been closed down by the California Department of Finance Protection and Innovation. This was apparently the result of a bank run that followed the risk of insolvency and a stock crash.
Customers of SVB will be able to access the insured portion of their deposits through the deposit insurance national bank, which has been established by the Federal Deposit Insurance Corporation, which has been designated as the receiver.
Naturally, this problem is receiving a lot of attention. However, it is primarily concerned with the finances, namely what brought SVB to this point and what the risk is currently to the deposit owners.
The Cyber Fraud Potential of the SVB Collapse
In most effective cases of cyberattacks social engineering, deception, and fraud to take advantage of humans are used as bait, at least in part. According to IBM's Cost of Data Breach Study 2022, the initial attack vector is compromised credentials in around a third of cases. These credentials are typically acquired through phishing or other fraudulent activity. Business email compromise (BEC), on the other hand, is the second most lucrative assault method for organized cyber criminals.
These attacks are most often fueled by chaos and confusion. Cybercriminals are well-organized and have a reputation for seizing openings. They now have a fantastic opportunity to target both current and past SVB consumers in addition to ex-SVB account holders. Customers of SVB are now easy targets for fraud and phishing campaigns.
The fact that founders, CEOs, CFOs, and finance teams are currently dealing with uncertainty and a lack of information only serves to fuel the fire of attackers. When this happens, people tend to let their guard down and are more susceptible to being scammed by an email that contains any news (and preferably good news). Attacks like these can occur via email and other platforms catering to the founders and financial communities, such as forums and groups on Signal, Telegram, and WhatsApp. Everything becomes a potential point of assault.
This type of social engineering, or other more conventional methods of gaining access, is merely a prelude to the primary effort we anticipate seeing: a sizable BEC campaign that takes advantage of the astronomical amount of account modifications already in progress.
SVB account holders will provide their clients with their new account information for future wires when they shift their finances and activities to other banks over the coming weeks. Additionally, given the number of suppliers that businesses use in today's supply chains, finance departments will be inundated with demands to change these accounts.
How can you Protect Yourself from SVB Related Attacks?
Phishing campaigns, BEC, and similar attacks are all forms of fraud. They include some or the other kind of impersonation (most likely through a website, email, text message, Slack, or other messaging technologies), which entices victims to take action.
Here, we are listing some ways through which one can protect themselves from SVB Related Attacks:
- Your awareness is your first line of protection against these assaults. Potential victims will remain more vigilant and be less likely to fall for such schemes if they are aware of the warning indicators to look for in these attacks.
- It is highly advised to mandate refresher phishing and BEC training for those who work directly for your business, including the founders, C-level executives, finance departments, customer success reps, etc.
- Ensure that your payment modification processes are reliable, and if necessary, add an additional layer of manual verification or signature—at least for the ensuing 30 to 60 days. It's crucial to ensure that no vendor you work with can update a bank account without making a real phone call and engaging in one-on-one communication.
Moreover, it would be highly beneficial to set up additional monitoring of both account (phishing) and financial activities (BEC). In terms of phishing, be careful to increase the level of awareness of any prospective phishing assaults within your SOC. Pay close attention to failed multifactor authentication (MFA), unsuccessful login attempts, etc. Executive accounts and finance departments should be given extra attention because they are the most potential targets for these attacks. 
