The Washington PostDemocracy Dies in Darkness
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Silicon Valley Bank collapse poses challenge for cybersecurity defenders, firms

The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Welcome to The Cybersecurity 202! Your periodic reminder to send tips to:

Reading this online? Sign up for The Cybersecurity 202 to get scoops and sharp analysis in your inbox each morning.

Below: Ukraine is drafting a law that aims to end legal confusion over its cyber brigade, and Ring says a vendor was hit by ransomware. First:

The cyber impact of the Silicon Valley Bank collapse

The collapse of Silicon Valley Bank is proving to be fertile ground for cyber scammers. And it is also might make things difficult for cybersecurity companies who have relied on the bank for financing or to hold funds.

Scams targeting people affected by the bank’s collapse wouldn’t be surprising; hackers often wait to exploit tragedy or bad news. “Financially motivated actors are always going to be opportunistically acting on targeting whatever that newsworthy event is, so there’s a blueprint that’s already in place,” Ashley Allocca, an intelligence analyst at cyberintelligence company Flashpoint, told me.

The involvement of a bank in the news only exacerbates that, she said. While the scammers’ targets aren’t yet clear, they could eventually range from bank customers to anyone inclined to click on a link about bank news, Allocca said.

The scams

The presence of a large sum of money, a sense of urgency from companies involved with the bank and uncertainty about things like what emails to expect is “bound to result in some simple but also targeted scams,” as SANS Technology Institute research dean Johannes B. Ullrich explained.

Cyber firms have been monitoring the registration of SVB-related domains that hackers could use to launch their phishing attacks.

  • Allocca said people have also registered domains to imitate the names of other financial institutions, potentially with the idea that hackers would try to pose as those banks to pitch consumers as an alternative to SVB.

Scammers could also try to exploit companies with a relationship to the bank as a jumping off point for attacks. Once crypto company Circle revealed it had cash reserves trapped in SVB, someone began posing as Circle to get victims to click on a dodgy link, cybersecurity firm Proofpoint said.

Cyber experts predict that hackers will probably try to scam SVB victims through business email compromise, where scammers pose as a trusted person to coax a victim into wiring money.

Industry impact

The SVB collapse also presents challenges for cybersecurity firms that relied on the bank.

Still, federal government intervention probably averted the worst potential issues for cybersecurity companies that did business with SVB, Jeff Pollard, vice president and principal analyst at Forrester Research, told me.

But the collapse could change how cyber companies operate going forward, or affect potential future investments from venture capital firms, he said.

Some analysts have offered dire predictions about a negative impact on the cybersecurity industry as a result of SVB’s collapse, suggesting young start-ups will have a tough time getting financial backing going forward.

Pollard said the federal government’s move to guarantee deposits at the bank should keep the impact to a minimum, however. The cyber industry is in pretty good shape compared with other industries, he said, and venture capital firms tend to make long-term plans with their funds.

General jitters about the bank collapse’s effect on the economy means “we may see some conservatism in the future,” Pollard said. SVB offered debt financing, “the last-resort kind of financing for start-ups or earlier stage companies,” and its disappearance could affect companies that rely on it, he said.

And cyber firms are also likely to switch up how they bank, Pollard predicted, by not putting all their money in one financial institution.

Some of the fallout for tech companies in general might take a while to materialize, John Boruvka, vice president of sales at the security consultancy NCC Group, told me. With funds locked on Friday, some SVB customers might not have been able to get money they needed then — but it could take weeks or even months to see the result of that, he said, because of how companies’ finances work.

Government scrutiny

The collapse’s potential impact on U.S. national security drew attention from government officials.

Senate Intelligence Committee Chairman Mark R. Warner (D-Va.) said that things could’ve been worse if the Federal Reserve, the Federal Deposit Insurance Corporation and the Treasury Department hadn’t taken action.

“After an unprecedented and reckless run on Silicon Valley Bank, there were very real risks of instability spreading to other institutions and undermining our national security and technology innovation ecosystem,” Warner said in a statement. “Their quick action will help companies make payroll and preserve jobs all across the country.”

And even a Defense Department office has been tracking the potential fallout.

“Over the past 48 hours, we have been actively collaborating with our DOD and other government colleagues to advocate for our national security community and provide insight into ongoing mitigation efforts,” Office of Strategic Capital Director Jason Rathje said in a March 12 email viewed by Edward Graham of Nextgov. “We are constantly monitoring national security-related impacts to the crisis, and we are looking forward to providing more information as it becomes available.”

The keys

Ukraine drafting cyber law to end legal confusion over hacker brigade

Ukraine is crafting a law that would formally move its volunteer hacking brigade into its armed forces to appease concerns about its legality, Newsweek’s Shaun Waterman reports.

The International Committee of the Red Cross has criticized a trend in which civilians are recruited for offensive cyber operations. Civilians who partake in the war may be “exposed to harm because they might be temporarily deprived of the protections they have as civilians” under international humanitarian law, ICRC legal adviser Kubo Mačák said in the report.

The pending law would be similar to a preexisting model from Estonia. Nataliya Tkachuk, secretary of Ukraine's National Coordination Center for Cybersecurity, said the new law would “become the basis for building the state's cyberdefense capabilities, engaging cyber volunteers in these activities, and creating a cyber reserve,” in remarks to Waterman.

Tkachuk did not provide a timeline on when the law would pass. A foreign aid contractor working in Ukraine, who spoke on the condition of anonymity because they weren’t authorized to speak with reporters, told Waterman that the passage process has been complicated by bureaucratic animosity.

Ransomware group claims responsibility for theft of alleged SpaceX contractor data

Ransomware group LockBit said it stole key data from a materials contractor with supposed ties to Elon Musk’s SpaceX, Eduard Kovacs reports for SecurityWeek.

LockBit claimed SpaceX contracts with Maximum Industries, a manufacturing facility based in Texas specializing in laser cutting and water jets. The group added it obtained 3,000 drawings from SpaceX engineers that they are planning to sell in an online auction next week.

SpaceX and Maximum Industries did not return requests for comment, the report said.

LockBit is a highly active ransomware group believed to have ties to Russia. It has targeted more than 1,000 organizations, including German car parts company Continental, Kovacs writes.

Ring says vendor was hit by ransomware

Ransomware group ALPHV claimed responsibility for a breach of Ring, the security system and camera company, Motherboard’s Joseph Cox and Jason Koebler report. The group, commonly known as BlackCat, is threatening to release the data online, the report said. “There’s always an option to let us leak your data,” a message posted on ALPHV’s website said next to Ring’s logo. It has previously leaked health-care and hospitality data.

Ring, which is owned by Amazon, told Motherboard that it has “no indications” that it was hit by ransomware, but it told the outlet that a third-party vendor was hit with ransomware. The vendor doesn’t have Ring customer records, Ring said. (Amazon founder Jeff Bezos owns The Washington Post.)  

Cox and Koebler write that a person shared a link to their story in an internal Amazon Slack channel saying to not discuss the matter and that the right security teams have been dispatched to address the breach.

Government scan

Presidential advisory council recommends cyber mandates for critical infrastructure (CyberScoop)

CISA creates new ransomware vulnerability warning program (Infosecurity Magazine)

Hill happenings

Hacker posts more D.C. Health Link data online, exposing lawmakers' personal information (CyberScoop)

Global cyberspace

Israel blames prolific Iranian-linked hacking group for February university hack (CyberScoop)

Cyber insecurity

Medical device giant says cyberattack leaked sensitive data of 1 million people (The Record)

Cancer patient sues medical provider after ransomware group posts her photos online (CyberScoop)

Pupils affected as college hit by sophisticated cyber attack (Eastern Daily Press)

LA housing authority discloses data breach after ransomware attack (Bleeping Computer)

2023’s largest health data breach so far brings legal flurry (Bloomberg Government)


  • Cynthia Kaiser, deputy assistant director of the FBI’s cyber division, speaks at an Aspen Institute event discussing how the U.S. addresses national security threats today at 10 a.m. 
  • The Senate Homeland Security and Governmental Affairs Committee will hold a 10 a.m. hearing Thursday to examine cybersecurity risks in the health-care sector.

Secure log off

Thanks for reading. See you tomorrow.