Cybercriminals register new domains to prey on SVB, Credit Suisse … – iTWire

GUEST OPINION: Risk intelligence company Flashpoint has identified cybercriminals registering opportunistic new domains to look like legitimate SVB pages, targeting victims of the bank's collapse. The fallout from Credit Suisse and Signature Bank is likely to lead to similar activity.

Flashpoint has seen around 20 new malicious domains such as login-svb[.]com registered, with threat actors also creating domains for competing banks like Revolut.

Financially motivated threat actors will act opportunistically, using the same low-level initial access techniques like phishing, to prey upon those most impacted by the failure, said Flashpoint senior intelligence analyst Ashley Alloca.

Alloca provides insights and comments on the issue below:

Financially motivated threat actors will often act opportunistically, seeking to take advantage of newsworthy events. These events may influence the theme of various social engineering tactics used to gain initial access to compromise victims. Generally speaking, threat actors are likely to execute SVB or Credit Suisse-themed social engineering attacks with an emphasis on phishing scams and malware lures. We are seeing the potential use of newly registered domains that can be used in phishing attacks to collect sensitive information or coerce victims into sharing information or sending funds to actor-controlled accounts.

We have seen threat actors registering these new domains to look like legitimate pages affiliated with SVB. For example, on Saturday 11 March, the day following SVB's collapse, new domains like login-svb[.]com, svbbailout[.]com, svbdividendpayout[.]com, and svbfail[.]com were registered. At least 16 other domains using SVB were registered. It is entirely possible not all of these domains will be leveraged for malicious purposes, but it is clear in the case of login-svb[.]com that that page will likely resolve to a login page for SVB affiliates, malicious or otherwise.

Similarly, newly registered domains for known SVB competitors have been and will likely continue to crop up. For example, we have seen domains mimicking Revolut, a British-Lithuanian financial services company, including customer-revolut[.]com, logon-revolut[.]com, and revolutbank[.]net. This may portend social engineering attacks with themes of transferring a financial relationship from one bank to another.

Phishing and stealer malware are commonplace; they rank, respectively, as the top two most discussed malware types and hacking services in 2022. While phishing attacks require little technical skill and sophistication, they are legitimate initial access tactics that continually prove to be advantageous, especially for financially motivated threat actors. Following any newsworthy event, it is likely that threat actors will use that event as the theme of their latest attack.

A victim could be anybody who clicks on a malicious link. This could occur as part of a spear phishing campaign, in which a threat actor sends a personalised email to a specified targeted person, business, or organisation. The email generally impersonates a trusted source and contains either malware-infected documents or links to malicious websites. As there are many concerns about the interconnectedness of financial accounts, we recommend extra due diligence with any requests to update bank account information. There are many companies taking rapid action to update their payment information away from SVB, which presents a prime opportunity for cybercriminals to capitalise on this crisis situation.

It's likely that the fallout from Signature Bank's failure and issues surrounding Credit Suisse will lead to similar cyber threats. Financially motivated threat actors will act opportunistically, using the same low-level initial access techniques like phishing, to prey upon those most impacted by the failure.
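
For defenders who want to watch for the naming pattern described in the comments above (a brand token combined with a lure word such as "login" or "payout"), here is an added triage sketch that is not from Flashpoint or the article. The brand and lure watchlists, the allowlist entry and the `.example` filler domains are assumptions constructed for illustration; the remaining sample entries are the defanged domains named in the article.

```python
# Assumed watchlists for this example: brand tokens and lure words to monitor.
BRANDS = ("svb", "revolut")
LURES = ("login", "logon", "customer", "bailout", "payout", "bank", "fail")
# Hypothetical allowlist of domains the monitored organisation itself owns.
ALLOWLIST = frozenset({"revolut.example"})

# Constructed feed of newly registered domains: the defanged names from the
# article plus three constructed entries (benign, allowlisted, brand-only).
SAMPLE_FEED = [
    "login-svb[.]com", "svbbailout[.]com", "svbdividendpayout[.]com",
    "svbfail[.]com", "customer-revolut[.]com", "logon-revolut[.]com",
    "revolutbank[.]net", "gardening-tips[.]example", "revolut[.]example",
    "svb[.]example",
]

def refang(domain):
    """Normalise a defanged name (login-svb[.]com) for matching only."""
    return domain.strip().lower().replace("[.]", ".")

def triage(domain, allowlist=ALLOWLIST):
    """Return a finding dict if the name embeds a watched brand, else None."""
    name = refang(domain)
    labels = name.split(".")
    if name in allowlist or len(labels) < 2:
        return None
    # Assumes a single-label TLD; a public-suffix list is needed for co.uk etc.
    sld = labels[-2]
    for brand in BRANDS:
        if brand not in sld:
            continue
        rest = sld.replace(brand, "")           # what surrounds the brand token
        lures = [w for w in LURES if w in rest]
        # Brand plus lure word goes to the top of the analyst queue;
        # brand alone still gets a manual look.
        return {"domain": domain, "brand": brand, "lures": lures,
                "priority": "high" if lures else "review"}
    return None

def scan(feed):
    """Triage every entry in a feed and keep only the findings."""
    return [hit for hit in map(triage, feed) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_FEED):
        print(hit["priority"], hit["domain"], hit["brand"], hit["lures"])
```

A match only says the name fits the pattern; as the comments above note, not every such domain will be used maliciously, so findings feed review rather than automatic blocking.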
