Elite Threat Hunting Teams Track Down Hidden Threats in M&A Situations
By now we have discussed several areas of proactive security and how external threat hunting functions powered by Pure Signal Recon pays back huge dividends to the budget and reducing corporate risk.
The most obvious area where supporting elite threat hunting capabilities pays off is in avoiding a data breach in the first place. Other areas where new capabilities were realized include trimming unnecessary sources of threat intelligence. Then we talked about third party risk reduction and cost savings are other areas aided by early identification of compromised supply chain partners.
Now let’s tackle the subject of threat hunting for and on behalf of the Corporate Risk team. Proactively searching for ongoing threats relating to M&A activities and within subsidiaries pays off in early identification of compromise. This is an important part of daily life in a multinational corporation as new acquisitions represent the key to growth and access to innovation, but they also send chills down the spine of those responsible for the day they join parent IT systems.
How do you really know news of the acquisition hasn’t already leaked into the hands of your adversaries? They can more easily implant themselves in a smaller acquisition, wait around until they are integrated with your system and voila! They now have access to you: their original objective.
However, there is significant opportunity in being proactive, as this is an area where CISO efforts to be proactive in their cybersecurity program can stand out and make a direct impact on reducing corporate risk.
Detecting Active CyberThreats in M&A Activities Gives Back to the Budget
When it comes to monitoring the cybersecurity practices of M&A interests and recently acquired companies, there are two schools of thought for assessing their cybersecurity posture. One course of CISO action says that when due diligence kicks in, that is when you can hand out the security questions, audit spreadsheets, and security scorecard forms to the company you are looking to acquire. Another train of thought calls for saving the spreadsheets for later and dive in right now and start monitoring the company’s infrastructure for threats and malicious C2 communications. There are no prizes for guessing which option gives a clear picture of risks and threats in real time.
“We identified an APT (advanced persistent threat) attack on a subsidiary. We found the point of entry and the timeframe using Recon.... Once identified, we narrowed in on what was happening using Recon, and we were able to see the connections in the port usage by figuring out what tools they were using and how they were [using them]. None of the subsidiary’s security solutions caught it, but we caught it with Recon.” Lead security analyst |
By using Pure Signal Recon analysts have the visibility into the external threat landscape - that means eyes on the acquisition candidates today, now. Not after forming filling, and especially not after networks are joined and breach attacks commence.
Forward looking CISOs need to instruct their teams to proactively look for compromises in third party infrastructure and monitor for signs of malicious communications with C2 systems. It is much better to be in a position of being able to tell a subsidiary or a M&A target that they have a problem than to wait for them to tell you they have a problem - this is how the story unfurled at our customer:
The security team was able to detect an advanced persistent threat that none of the company’s other defenses picked-up. With information from Recon, the subsidiary’s IR team shut down the attack before any more damage was done. Early identification of this attack paid off in several ways:
Shut-down an attack on a subsidiary with real-time notification of malicious C2 communications
Prevented attacker from gaining enough access to pivot to core networks and applications of the parent company
Avoided post breach costs of remediation, customer communications, fines, and all other external facing costs
Averted malware attack on new organizational acquisition, saving $771,450 over 3 years
The external attack surface of this enterprise organization represents a large chunk of real estate as it spans their infrastructure as well as supply chain partners, serious M&A targets, and subsidiaries. Corporate risk runs high as these entities represent new ways for attackers to entrench themselves in core systems of the parent company.
M&A opportunities and subsidiaries are ripe for sophisticated attackers to spread their wings and find new ways to infiltrate parent organizations. It is a perfect situation for attackers to take advantage of. Everyone is distracted, busy, and there are many new names and faces. Some say it is the perfect opportunity for a ransomware attack, as a company being acquired will most likely pay a ransom instead of disclosing what happened to the parent company. Taking a proactive approach to cybersecurity pays off, a recent Accenture study revealed that 92% of CIOs say their cybersecurity due diligence uncovered key risks or resulted in a material impact in their deals. M&A deals are a high stakes game with a lot of money involved and you can’t put off cybersecurity until the deal is done.
CISO Tools:
Learn more about how you can get started on the path towards reducing data breaches and utilizing real-time threat intelligence, request a free copy of the full financial analysis of Threat Reconnaissance here.
Engage your analysts directly with our Security Architects and expert practitioners via our Sales Team, starting here.