Bank sector turmoil adds to phishing and malware threats

Turbulence in the banking sector has been in the news every day since the collapse of Silicon Valley Bank. Every major media outlet is reporting on bank runs, bank failures, bank rescues, bank whatever, and the stories of these banks don’t end when they’re absorbed by another bank. There are still lenders, borrowers, investors, and large swaths of the public that have concerns about these failed banks and the stability of the financial sector. A recent Gallup survey found that 48% of respondents were ‘very’ or ‘moderately’ worried about the safety of money deposited in banks. That seems like a lot, but we don’t have a benchmark for this. Gallup has only run these surveys during times of financial crisis.

Harris Poll has a similar survey on the anxiety around the banking crisis.

Why the anxiety matters

Like all crises and high-profile news, bank failures provide cybercriminals with an opportunity to go after new victims. Here are a few examples of potential targets:

• People who have done business with a failed bank and want to know what they should do with their money.
• People who want to capitalize on the crisis by investing in a bank at the right time.
• People who do not trust the financial system and are considering investments in gold, silver, cryptocurrency, etc.

These attacks offer knowledge products like “Get rich off banks” or special offers like “Bitcoin for pennies on the dollar.”  There will be some backstory about how these things are possible and why you have to hurry to save your spot. They’ll support their scam with cherry-picked or fabricated news reports. We know this is true because we see these scams day after day, year after year. The only thing that changes is the story used in the scam.

The latest headlines

The big story right now is the JPMorgan Chase acquisition of First Republic. The Federal Deposit Insurance Corporation (FDIC) was appointed receiver of First Republic Bank on Monday, May 1. This is one of the largest US banks to fail, second only to Washington Mutual in 2008.  It’s the third bank to fail this year, and it comes less than two months after receiving a multi-billion dollar rescue package meant to stabilize the bank.  

JPMorgan Chase (JPM) is the largest bank in the United States, and it is bigger now that it has First Republic Bank. I won’t cover the details of the purchase, but you should scrutinize any unexpected or unsolicited email related to the banking crisis.  This is true for social media posts as well.

It’s more than just phishing

Phishing attacks do not just target the recipient. A phishing email may snag only a single victim, but attackers can leverage that into a larger attack through business email compromise, account takeover, and other social engineering attacks. Attackers also use malware to steal more information beyond the phishing attack. This malware is usually an infostealer designed to explore the system and collect network credentials and other potentially useful information.

Infostealers have had their fair share of headlines lately. This malware is a growing threat because it’s easy to use and can be purchased for roughly $200. Infostealers add automation and volume to credential harvesting attacks, and they provide ransomware gangs with more data on potential targets.

What is the solution?

There’s no single solution to prevent these criminals from attacking your organization. Endpoint protection from malware is essential, as are email, network, and application defenses. Users must also be aware of phishing and malware threats and understand the importance of password security.

Barracuda offers comprehensive protection to defend your company from the latest cyberattacks.  We offer expert consultation and risk-free trials so you can test our solutions in your environment. See our website to get started.