Potential BEC & Phishing Activity due to Recent Banking Events in the United States


Summary 

On Friday, 10 March 2023, California state regulators took possession of Silicon Valley Bank (SVB) and appointed the Federal Deposit Insurance Corporation (FDIC) as receiver. SVB was a 40-year-old commercial bank that was an important lender for the tech and venture capital sector. It’s estimated that half of US venture-backed start-ups were customers of the bank. 

Based on historical world events such as COVID-19 and the US Election, we expect to see threat actors leverage the SVB theme in their business email compromise (BEC) and social engineering attacks in the near future. Threat actors can send phishing emails containing new banking wire information that instruct an employee to make changes that financially benefit the threat actor. Threat actors may also target employees’ social media accounts, such as LinkedIn, where they can identify individuals working at start-ups or other affected organisations.  

Arctic Wolf Labs has multiple detections in place for suspicious activity on email accounts associated with BEC and account takeover attacks. We continue to actively monitor for tactics, techniques, and procedures (TTPs) associated with campaigns that may arise from these events. 

How To Identify and Disrupt Business Email Compromise Attacks 

In the video below, Arctic Wolf’s Regional VP of Sales Engineering, Brandon Tschida, shares how some BEC attacks work and how the Arctic Wolf Security Operations Cloud can help stop these kinds of cyber attacks before they begin. 


 

Additional Recommendations 

When it comes to preventing BEC or other forms of social engineering attacks, the most important factor is awareness and knowledge. If your users are aware that these types of attacks exist, they may be less likely to become a victim of them. 

For Enterprise Threat Detection 

  • Review which detections you have in place for BEC and/or account takeover activity or check with your MDR provider to determine if there is coverage in these areas. 
  • Ensure proactive monitoring is in place for all administrative accounts. Confirm that any changes made to these accounts would trigger an alert that is then actioned. 
  • Consider rotating administrative accounts and/or credentials on a regularly scheduled basis.  
  • Enable Multi-factor Authentication (MFA) wherever possible. 
  • Be mindful that nation-state actors could potentially leverage these high-profile events in their own BEC and/or social engineering attacks against organisations within enemy states. 

For Leaders and Users 

Crisis or not, it’s critical to provide tailored user awareness training to all employees around BEC and social engineering attacks.  

  • Ensure users know how to identify a phishing email and where to report it. 
  • Provide examples of what users could expect and remind users to remain vigilant when receiving an email from an unknown or external source. 
  • Be wary of messages that create a sense of urgency and ask you to do something quickly, especially pertaining to SVB. 
  • Be cognisant that threat actors may use personal social media accounts or text messages to contact you. 
  • Review policies for verification of any changes to existing invoices, bank deposit information, and contact information. 

For Finance Teams 

  • Consider using a secondary channel to verify requests for changes in account information and initiating financial transactions. For example, if you receive an email asking to change banking details for a particular account, consider using a secondary channel, such as phoning the individual to verify that request. 
  • Reiterate or update specific procedures for money transfers. Ensure that all teams are aware of what a money transfer request looks like, the use cases for which a request could come through, and who those requests would come from within your organisation. 
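
The signals named in the recommendations above (an external sender, a request to change banking or wire details, urgency, and the SVB theme) can be combined into a simple mail-triage check that holds a message for call-back verification. This is an added example, not Arctic Wolf detection logic; the `example.com` domain, the keyword lists, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the organisation's own mail domain (placeholder value).
INTERNAL_DOMAINS = {"example.com"}

# Keyword patterns based on the advisory's wording; illustrative only and
# in need of tuning against real mail before any production use.
SIGNALS = {
    "payment_change": re.compile(
        r"\b(new|updated?|chang\w+)\b.{0,40}"
        r"\b(bank(ing)?|wire|account|routing|deposit)\b", re.I | re.S),
    "urgency": re.compile(r"\b(urgent(ly)?|immediately|asap|right away)\b", re.I),
    "svb_theme": re.compile(r"\b(svb|silicon valley bank)\b", re.I),
}

def triage(raw_email):
    """Return the matched signals and whether to hold for call-back."""
    msg = message_from_string(raw_email)
    # Collect the subject plus every plain-text part (undecoded payloads).
    parts = [p.get_payload() for p in msg.walk()
             if p.get_content_type() == "text/plain"]
    text = msg.get("Subject", "") + "\n" + "\n".join(parts)
    hits = [name for name, rx in SIGNALS.items() if rx.search(text)]
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender_domain not in INTERNAL_DOMAINS:
        hits.append("external_sender")
    # A payment-change request plus any second signal goes to the
    # secondary-channel verification step instead of being actioned.
    hold = "payment_change" in hits and len(hits) >= 2
    return {"hold_for_callback": hold, "signals": sorted(hits)}

# Constructed sample messages (not real mail).
SAMPLE_SUSPICIOUS = """\
From: "Accounts Receivable" <ar@vendor-billing.example.net>
To: finance@example.com
Subject: Urgent: updated wire instructions

Due to the SVB situation we have moved banks. Please use our new
banking details for all invoices, effective immediately.
"""
SAMPLE_BENIGN = """\
From: colleague@example.com
To: finance@example.com
Subject: Lunch on Thursday

Are you free for lunch on Thursday? The new place near the office looks good.
"""

if __name__ == "__main__":
    for sample in (SAMPLE_SUSPICIOUS, SAMPLE_BENIGN):
        print(triage(sample))
```

A hit only routes the message to the verification procedure described above; it does not replace the phone call.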


James Liolios

James Liolios is a Senior Threat Intelligence Researcher at Arctic Wolf, where he keeps a watchful eye on the latest threats and threat actors to understand the potential impact to Arctic Wolf customers. He has a background of 9 years' experience in many areas of cybersecurity, holds a bachelor's degree in Information Security, and is also CISSP certified.