Data shows collapse of SVB, Signature Bank prompted hike in ID fraud
Nevada-based Socure has revealed that the level of ID fraud in small banking and investment platforms rose sharply in the wake of the closure of Silicon Valley Bank (SVB) on March 10 and Signature Bank on March 12. These are two commercial banks in the United States which closed last month.
The wave of ID fraud spiked in these platforms as individuals and business entities struggled to open new accounts, Socure says in a blog post.
Analysis by Socure of fraud pattern data drawn from more than 1,500 of its customers shows small businesses and investment platforms witnessed a fraud rate increase of 498 percent within 7 and 11 March, when news of SVB’s collapse made waves the most.
Socure says the bad actors had apparently been on stand-by monitoring the system, and were able to quickly strike when they had the opportunity, creating accounts every four minutes when the news of the closure of SVB fell.
The data also shows that synthetic ID fraud also jumped within that period. Although the spike dropped on 14 March, there was another upsurge on 21 March, according to Socure data.
Meanwhile, in a recent press statement in the wake of the cyber-attacks, Socure CEO Johnny Ayers assures customers that the company is monitoring the situation and will provide them with insights necessary to help adjust their decision making.
“Immediately after the news of SVB’s impending breakdown, bad actors who we had seen testing banking systems across our customer portfolio for weeks, scaled up their attacks within hours, leveraging bots to create new accounts about every four minutes. Banks and fintechs providing small business and/or investment accounts must practice vigilance during this time of uncertainty. Socure will partner with our customers to do just this,” says Ayers.
Thales, others partner on cyber intel platform
Elsewhere in fraud prevention, Thales is leading an initiative of ten other firms specialized in the domain of cybersecurity for the creation of a single platform that will provide cybersecurity intelligence information and solutions to companies and the government in France.
An announcement from Thales indicates that the initiative, dubbed SCRED, enjoys huge support from the French government. The initiative’s immediate goal is to provide cybersecurity solutions to French organizations, and in the long term, set the stage for a centralized service offering, including a National Cyber Situation Analysis Centre that is expected to eventually contribute to Europe’s cybersecurity sovereignty efforts.
While SCRED will act as a single-entry point for cybersecurity intelligence in France with a variety of services offered through the platform, it will equally help users get more autonomy and consolidate users’ confidence in information systems, support greater cyber sovereignty by using French solutions, and pave the way for new cybersecurity standards in Europe and elsewhere around the world.
Commenting on the initiative, Thales VP of Cyber Solutions Pierre-Yves Jolivet says: “Thales is committed to working with other cybersecurity specialists to accelerate the maturity of France’s cyber intelligence capabilities and strengthen the country’s collective security. This project will coordinate a whole ecosystem of players to provide users with a full-service platform and contribute to France’s strategic autonomy in this area.”
Other partners on the initiative include Atos, Filigran, GeoTrend, Glimps, Harfanglab, KORLabs Cybersecurity, Sekoia and SnowPack.
Platform for sale of stolen IDs dismantled
In the meantime, a collaboration by law enforcement and intelligence authorities from 17 countries has led to the dismantling of an online market place which facilitated the sale of identities for criminal purposes, with digital ID being the main commodity.
Genesis Market, as the platform was called, was taken down on 4 April and its infrastructure seized, according to a news release from the European Union agency for law enforcement cooperation.
More than two million IDs referred to as ‘bots’ by the vendors were listed for sale on the platform at the time it was taken down.
Other actions taken as part of ‘Operation Cookie Monster’ included the arrest of 119 persons and the search of 208 properties of persons related to the platform, the release notes.
The IDs were bought mostly by hackers, with some of the bots containing information that could lead to victims’ online banking details.
Europol’s European Cybercrime Center (EC3) said it made the takedown of the platform a priority as IDs bought from it could facilitate all sorts of crime.
“Through the combined efforts of all the law enforcement authorities involved, we have severely disrupted the criminal cyber ecosystem by removing one of its key enablers. With victims located across the globe, the strong relationships with our international partners were critical in the success of this case,” says EC3 Head Edvardas Šileris in a statement.
The Dutch Police, which collaborated in the operation, has developed a platform for people to check if their IDs are part of those stolen or compromised by the criminal network.