SVB Collapse Leaves Door Open for Cybercriminals to Steal Money and Data
- Written by Ari Denial Cybersecurity & Tech Writer
The collapse of Silicon Valley Bank (SVB) has caused turmoil in the global financial system. In the aftermath, cybercriminals are exploiting the situation by registering suspicious domains, launching phishing campaigns, and carrying out attacks to steal money and account data and to infect targets with malware.
According to several security researchers, threat actors are actively registering suspicious domains, setting up phishing pages, and preparing for Business Email Compromise (BEC) attacks.
The fallout from the SVB collapse has affected numerous businesses and individuals in various industries, including life sciences, technology, private equity, healthcare, venture capital, and premium wine.
According to recent findings by security researcher Johannes Ullrich, cybercriminals are capitalizing on the situation by registering suspicious SVB-related domains that are highly likely to be used in malicious attacks.
Ullrich has cautioned that scammers may attempt to contact former SVB clients offering fake services related to the bank’s collapse, such as legal services, support packages, or loans.
A cryptocurrency scam claims that as of March 13, 2023, Silicon Valley Bank is distributing USDC as part of its SVB USDC payback program, exclusively to eligible USDC holders. The scam further alleges that USDC payouts are restricted to one claim per wallet.
Circle, a peer-to-peer payments firm that oversees the widely-used stablecoin USDC, had deposited $3.3 billion in cash reserves at SVB. However, despite assurances from the firm regarding the liquidity of USDC, the collapse of SVB has created an atmosphere of uncertainty.
To avoid email compromise during such attacks, it is recommended to verify any payment changes with your contact over the phone rather than through email.
Hitachi Energy Confirms Security Breach as Clop Ransomware Targets Company in Cyber Attack
- Written by Ari Denial Cybersecurity & Tech Writer
Hitachi Energy has confirmed that it suffered a data breach in which the Clop ransomware group stole its data by exploiting a GoAnywhere zero-day vulnerability.
Hitachi Energy is a subsidiary of the Japanese engineering and technology conglomerate, Hitachi, which specializes in energy solutions and power systems. The company generates an annual revenue of $10 billion.
At this time, it is unclear whether Hitachi Energy was targeted for a ransom or if any of its services were disrupted as a result of the cyber attack. Despite the alleged incident, the company’s website remains accessible.
Hitachi has issued an official statement acknowledging the security incident, stating that a third-party software provider named FORTRA GoAnywhere MFT (Managed File Transfer) was targeted in an attack by the Clop ransomware group. The statement further notes that the attack may have resulted in unauthorized access to employee data in certain countries.
According to Hitachi’s statement, the company responded promptly to the incident by disconnecting the affected system, FORTRA GoAnywhere MFT, and launching an internal investigation to assess the extent of the breach’s impact.
Hitachi has stated that it notified all impacted employees, relevant data protection authorities, and law enforcement agencies of the security incident directly.
In its statement, Hitachi has provided reassurance that, as of the time of the statement, the company has no information to suggest that either its network operations or the security and reliability of customer data has been compromised in the breach.
Fortra disclosed the existence of the zero-day vulnerability in its GoAnywhere secure file-sharing product at the beginning of February. At that time, security publication BleepingComputer speculated that the impact of the vulnerability could be comparable to the recent Accellion FTA hacks that occurred in 2021.
On March 14, 2023, cybersecurity firm Rubrik confirmed that it had been impacted by the exploitation of CVE-2023-0669, after being added to the data leak site. However, the company clarified that the breach was limited to a non-production IT testing environment and did not affect any customer data.