SVB collapse presents cyber-attackers with a wealth of opportunities

Sticking to, and reinforcing, existing controls is critical to defending against bad actors looking to take advantage of the highly public event.

GPs and their portfolio companies grappling with the fallout from the collapse of Silicon Valley Bank need to add opportunistic cybersecurity threats to their list of problems.

Bad actors already target PE firms, focusing largely on mid-market firms because of their perceived high levels of dry powder and weaker cybersecurity compared with large firms. One of the most common attack surfaces is wire transfers, where attackers can pose as LPs’ managers or trick management company staff into sending wires to fake LP accounts.

SVB’s collapse presents these bad actors with a flood of wire transfers to divert to themselves, as former SVB clients, including GPs and their portfolio companies, look for new banks to deposit with and borrow from. That requires changing wire instructions, the point at which potential victims are most vulnerable, said Jeremy Bergsman, a managing director at ACA Group.

“We have not heard of any actual events, but our clients are definitely concerned,” said Bergsman. “Our private equity clients are not only managing their own controls… but also reinforcing the importance of these controls to their portfolio companies” and staff, he said.

One-off requests to change wire instructions are hard enough to guard against, though their infrequency means staff are more likely to treat them with caution.

“But when you know that Silicon Valley Bank is in the news, that that’s your bank, you actually expect changes to come through. And so, it’s much easier to fall victim to this kind of fraud,” said Bergsman.

Bergsman noted GPs have historically been most susceptible during acquisitions and investment exits, which are often in the news. But the much higher degree of publicity of SVB’s closure translates to a much bigger threat.

Adhere to and reinforce controls

Companies can get ahead of potential wire fraud by simply adhering to their existing controls.

“It’s just an opportunity for everybody to remember that you have to continue to follow all of the controls that you should normally have in place: callbacks, verifications to known parties to make sure that you have correct wiring instructions, et cetera,” Bergsman said.

Relaying instruction changes purely through outbound contact with known parties lessens the risk for GPs and portcos, he said.

In a recent risk alert, BW Cyber, a cybersecurity firm that caters to GPs, shared advice on contacting people when making changes.

“If you change or are planning on changing your wiring instructions, it is critical that you call all recipients to verbally relay the changes associated with your new wiring instructions,” it said.

BW Cyber also said that firms should require their trading partners and investors to respond to any email containing a change request by calling the firm.

Watching out for phishing

Bergsman warned that phishing is another risk for companies.

“Many phishing scammers are very opportunistic,” he said, adding that they “use events that are in the news to try to drive an urgent reaction to their phishing emails.”

The scammers send the emails to trick recipients into handing over credentials or downloading malware to their devices via attachments, Bergsman explained. He said that companies should stick with their existing anti-phishing behaviors and controls.