At a glance.
- The fall of Silicon Valley Bank and its aftermath.
- LockBit counts coup against an aerospace supply chain.
- Telerik exploited, for carding (probably) and other purposes.
- Threat actor movements observed and reported over the week.
- Latest trends and reports.
- Updates on cyber activity in the hybrid war against Ukraine.
- Patch news.
- Crime and punishment.
- Courts and torts.
- Policies, procurements, and agency equities.
- Research developments this week.
The fall of Silicon Valley Bank and its aftermath.
Last Friday saw the closure of Silicon Valley Bank (SVB) by the US Federal Deposit Insurance Commission (FDIC). The CyberWire over the weekend summarized the events surrounding the collapse. After a bank run by depositors that drove SVB into insolvency, the FDIC has placed the bank in receivership and is working to find buyers. This significant institution’s failure is anticipated to cause blowback for big tech, particularly for the startup ecosystem that surrounds it, and that includes the cybersecurity sector. BankInfoSecurity reported Friday that what is being called the “second-largest bank failure in US history” is anticipated to cause future financing troubles for startups. The Information reported Monday afternoon that approximately 1,000 firms, from venture firms such as Sequoia Capital to crypto investors, had seen SVB’s involvement in their capital. These firms will now have to find new banks to provide loans and lines of credit for their endeavors, which may prove difficult given the distinctive needs of firms that used SVB. Business Insider explained Saturday that the pressure on the economy caused by sudden hikes in interest rates could lead to instability in institutions thought to be immune to, or at least somewhat stable against, the tumultuous economy. For more on the effect of SVB's failure on the cyber sector in particular, see CyberWire Pro.
Security experts are also warning that cybercriminals are gearing up to take advantage of the disruption surrounding the collapse and shutdown of Silicon Valley Bank. Johannes Ullrich from the SANS Institute is tracking a spike in newly registered SVB-related domains, including “login-svb[.]com,” “svbbailout[.]com,” and “svbcertificates[.]com.” It’s not clear how many of these domains were created by scammers, but Ullrich expects to see business email compromise (BEC) attacks taking advantage of the situation. For more on Silicon Valley Bank-themed fraud, see CyberWire Pro.
LockBit counts coup against an aerospace supply chain.
The LockBit ransomware gang claims to have compromised Maximum Industries, a supplier of components to SpaceX, SecurityWeek reports. The prize LockBit claims to have obtained includes some three thousand engineering drawings, said to be "certified by SpaceX engineers." The text of LockBit's communiqué, posted as an announcement on the gang's dark web page, makes it clear that the target is SpaceX, not its supplier. SecurityWeek observes that LockBit's announcement should be regarded with cautious skepticism. LockBit has given the victims a deadline of March 20th to pay.
Telerik exploited, for carding (probably) and other purposes.
Multiple threat actors, including at least one APT group, were able to compromise a US Federal civilian agency via a known Progress Telerik vulnerability in an IIS server, according to a joint advisory released by CISA, the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The advisory notes that the vulnerability allowed the attackers to execute code on the agency’s web server.
CISA notes that a nation-state actor and a cybercriminal group both exploited the vulnerability. CyberScoop says the criminal gang, “XE Group,” is known for card skimming. For more on Telerik exploitation, see CyberWire Pro.