Last week’s collapse of California’s Silicon Valley Bank (SVB) has companies keeping a watchful eye on future threats. The United States’ 16th-largest bank collapsed after cautious investors triggered a liquidity run, leaving its customers—mostly from the technology, private equity, venture capital, and life sciences sectors—in limbo.
SVB is now controlled by the Federal Deposit Insurance Corporation (FDIC), and the American government has secured deposits, but uncertainty for the financial services sector remains high. In the United Kingdom, HSBC’s £1 purchase rescued the British arm of SVB, but European banking stocks have still taken a hit.
Now named Silicon Valley Bridge Bank (SVBB), its new CEO has said that the bank is “open for business” and has called for SVB’s former customers to return. American banking stocks have regained ground since the collapse, but the storm isn’t over: the credit rating service Moody’s has downgraded its outlook of the United States banking system from “stable” to “negative.”
In the wake of SVB’s collapse, ReliaQuest has been keeping an eye on cyber threats to business and consumers. Read on for our assessment of the current situation, as well as some scenarios we might see next.
Using ReliaQuest’s Digital Risk Protection (DRP) capabilities, we’ve been tracking a surge in newly registered domains referencing SVB. These include domains potentially impersonating legitimate SVB services, like SVB customer support. They also include potential examples of typo-squatting, where attackers use similar characters to register new domains and trick unsuspecting victims: can you spot the difference between upper-case “I” and lower-case “l”?
Newly registered domains referencing SVB have risen sharply: from March 6–12, 2023, we observed 95 new domains likely impersonating SVB, none of which are registered with registrars previously used by SVB. This is an 11x increase compared with the rolling average of potential impersonating domains over the past three months.
Although these domains aren’t hosting content at the time of writing, they may be placeholders for future threats. Impersonating domains are often used in phishing attacks. They can be used to increase the legitimacy of phishing emails, to encourage victims to click on malicious links, or to create fake login pages to capture banking—or other—credentials.
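One way to triage a feed of newly registered domains for the impersonation patterns described above (brand keywords, swapped look-alike characters, near-miss typos). This is an added example, not ReliaQuest tooling; the brand terms, character map, thresholds and sample domains are assumptions constructed for illustration.

```python
import re

# Assumption: terms the defender monitors; not taken from any vendor tooling.
BRAND_TERMS = ("svb", "siliconvalleybank")
# DNS is case-insensitive, so an upper-case "I" shown in a link is registered
# as "i". Fold i/l/1 (and other common swaps) into one canonical character.
_SINGLE = str.maketrans("1i05", "llos")

def skeleton(text):
    """Collapse visually confusable characters so look-alikes compare equal."""
    text = text.lower().replace("rn", "m").replace("vv", "w")
    return text.translate(_SINGLE)

def edit_distance(a, b):
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, allowlist=frozenset()):
    """Return why a domain resembles a monitored brand, or None."""
    domain = domain.lower().rstrip(".")
    if domain in allowlist:                  # the organization's own domains
        return None
    name = domain.rsplit(".", 1)[0]          # simplification: single-label TLD
    tokens = [t for t in re.split(r"[-.]", name) if t]
    candidates = tokens + ["".join(tokens)]  # also test the hyphen-free form
    for brand in BRAND_TERMS:
        for cand in candidates:
            if cand == brand or (len(brand) >= 8 and brand in cand):
                return "brand-keyword"
            if skeleton(cand) == skeleton(brand):
                return "confusable-characters"
            # Fuzzy matching only for long terms; short ones match too much.
            if len(brand) >= 8 and edit_distance(skeleton(cand), skeleton(brand)) <= 2:
                return "near-miss-typo"
    return None

# Constructed sample feed (reserved .example TLD, not real observations).
SAMPLE_FEED = ["svb-support.example", "siiiconvalleybank.example",
               "silliconvaleybank.example", "5vb.example", "savebees.example"]

def triage(feed, allowlist=frozenset()):
    """Map each suspicious domain in the feed to the reason it was flagged."""
    return {d: r for d in feed if (r := classify(d, allowlist))}
```

Flagged domains still need review against registrar and hosting data before any blocking decision, since a keyword match alone also catches legitimate third parties.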
Not ones to procrastinate, cybercriminals have already begun exploiting SVB’s collapse. Phishing scams impersonating the bank have been observed targeting cryptocurrency users. Attacks have also been observed impersonating financial services companies, promising cryptocurrency users a payout because of the collapse.
We’ve been monitoring cybercriminal forums for reaction to the event. At the time of writing, reaction has been limited—SVB was not a retail bank, so cybercriminals are less likely to have pre-made phishing kits ready to impersonate SVB. However, for at least some cybercriminals, interest has been piqued: one forum user noted that the collapse leaves former customers vulnerable to targeting (see Figure 2).
At the time of writing, we have not associated any attacks exploiting SVB’s collapse with cybercriminal users on the forums we monitor. We will continue to monitor reactions on open and closed cybercriminal sources.
To help our customers respond to threats, we’ve compiled sample threat actor scenarios, as well as recommendations for how best to defend in today’s uncertain environment. These scenarios are not exhaustive, but exercises in thinking “how would a threat actor respond?”
It’s been hard to miss SVB headlines over the past week. Savvy threat actors will exploit this notoriety to encourage victims to click on phishing emails, open malicious attachments, or enter credentials into a spoofed website. Malware disguised as a friendly attachment is a favorite tactic for cybercriminal and state-backed threat actors seeking to gain an initial network foothold. Once access is obtained, threat actors are likely to deliver additional malware such as ransomware, cryptojackers, or credential scrapers.
Cybercriminals aren’t the only ones trying to loot and pillage; advanced persistent threats (APTs) are known to target financial services in cyber-espionage or disruptive attacks, using phishing to gain an initial foothold. Events like SVB’s collapse will realistically be exploited to conduct attacks.
Some APTs (looking at you, North Korea) are also known to conduct financially motivated attacks. SVB’s collapse may serve as an avenue to steal cryptocurrency and other funds from unsuspecting victims. SVB customers with uncertain banking situations, as well as individual cryptocurrency users and cryptocurrency companies, are likely to be attractive targets for these groups.
Phishing attacks and fraud attempts exploiting SVB’s collapse in the near future (next few weeks) are almost a given. Cybercriminals are opportunistic and SVB is low-hanging fruit. Of greater concern to businesses are targeted attacks like business email compromise (BEC). BEC attacks have targeted small and large businesses in every American state and were responsible for over $43 billion in business losses worldwide from 2016 to 2021.
In BEC attacks, threat actors impersonate, or sometimes compromise, employee email addresses to trick other employees into transferring them money. High-ranking employees, like CEOs or CFOs, are particularly likely to be impersonated. With former SVB clients currently finding new banks and conducting large-scale money transfers, they are particularly at risk.
BEC campaigns instill a sense of urgency around money transfers. They can be difficult to identify for victims, particularly when email accounts have been hijacked. Individuals responsible for making financial payments should be aware of common BEC tactics and should ensure payment requests are valid before transferring funds. Companies should inform employees of their business relationship with SVB and give employees instructions on how to verify whether emails are legitimate.
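A sketch of how a mail pipeline could surface the BEC traits described above (executive impersonation, hijacked accounts, urgency around money transfers) for manual verification. This is an added example, not ReliaQuest's detection logic; the company domain, executive names, keyword list and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration only.
COMPANY_DOMAINS = {"corp.example"}
EXECUTIVES = {"dana reyes", "sam okafor"}
PRESSURE_TERMS = ("urgent", "wire", "new bank", "account details", "today")

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def bec_signals(raw):
    """Return the BEC indicators present in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    signals = []
    # Executive display name on an address outside the company's domains.
    if display.strip().lower() in EXECUTIVES and _domain(from_addr) not in COMPANY_DOMAINS:
        signals.append("executive-name-external-sender")
    # Replies diverted elsewhere: also catches a hijacked internal mailbox.
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        signals.append("reply-to-domain-mismatch")
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + (body if isinstance(body, str) else "")).lower()
    if sum(term in text for term in PRESSURE_TERMS) >= 2:
        signals.append("payment-urgency-language")
    return signals

# Constructed sample messages.
SPOOFED = ("From: Dana Reyes <dana.reyes@corp-payments.example>\n"
           "To: ap@corp.example\n"
           "Subject: Urgent: new bank details\n\n"
           "We moved off SVB. Wire the vendor payment today to the new account.\n")
HIJACKED = ("From: Sam Okafor <sam.okafor@corp.example>\n"
            "Reply-To: sam.okafor@mailbox.example\n"
            "To: ap@corp.example\n"
            "Subject: Payment update\n\n"
            "Please use the account details attached and send the wire today.\n")
BENIGN = ("From: Sam Okafor <sam.okafor@corp.example>\n"
          "To: ap@corp.example\n"
          "Subject: Lunch\n\n"
          "See you at noon.\n")
```

A message from a hijacked account with no diverted Reply-To raises only the language signal, which is why out-of-band confirmation of payment requests remains necessary.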
Businesses hit with financial uncertainty may have to make the difficult decision to restructure in the coming months. Technology sector layoffs have increased sharply over the past six months and are likely to get worse in the face of difficult banking conditions.
In the event of layoffs, shrinking security teams and internal disruption are likely to leave systems vulnerable to threat actors. Delays to implementing critical patches are likely, and overburdened employees are more likely to make mistakes or be negligent, failing to follow security best practices. Strong security cultures in businesses will help mitigate this threat.
With restructuring also comes an increasing likelihood of malicious insiders. These could be financially motivated, such as selling proprietary information to competitors, or selling sensitive data or network access to cybercriminals. Destructive attacks are also realistically possible, like deleting sensitive code or files, or purposefully leaving vulnerable systems open. Businesses should segment employee data access and quickly revoke system access for former employees.
ReliaQuest recommends that businesses take the following steps to defend against threats arising from the SVB collapse.