Dark Reading is part of the Informa Tech Division of Informa PLC


Threat Intelligence

3/8/2018
10:30 AM
Alon Arvatz
Commentary

Cybersecurity Gets Added to the M&A Lexicon

Threat intelligence data can give a clear picture of an acquisition target that could make or break a deal.

At the start of 2018, the technology industry kicked off with two well-publicized acquisitions: Cisco bought Skyport Systems and Amazon got Sqrrl. Whether the industry is technology, financial services, telecommunications, or any other vertical market, the merger and acquisition process is well-defined: the acquirer's goal is to uncover as much information about the acquisition target as possible in order to determine if the transaction will have a positive outcome.

Historically, through the due diligence process one would seek intel on financial stability, growth expectations, market saturation, talent, and partnerships. While all of these still influence a transaction, there is a relatively new variable to the equation: cybersecurity. From the banks involved to the legal departments drafting the deal, the importance of an acquisition target's security posture cannot be denied.

Threat intelligence is emerging as an important factor in the due diligence process, as a means to better understand the ultimate security risk associated with any M&A activity. The ability to listen to the Dark Web and hacker chatter forums gives the acquiring company insight into historical accounts of attacks, potential data breaches or leakage, insider threat activity, and ongoing security exploits focused on the target and its customers by a known adversary.

Cybersecurity and threat intelligence are now entering much earlier in the vetting process. As companies look to benchmark potential acquisition targets against each other, they are pulling threat intelligence data and reports to assess which company is better suited for acquisition and still has control over its intellectual property and data.

Everyone involved knows that companies are going to do their best to look as good as possible and seek the best price for their contents during the due diligence process. The only way to really validate a target's cybersecurity posture is to delve into the threat intelligence data, and thereby find out what the target omitted on purpose or doesn't know. Having this kind of validation and intelligence on the status of a target's intellectual property, customer data, credentials, and threat landscape will enable the acquiring company to make a more informed decision about the transaction.

Ask These Questions
So, what are the right questions to ask? There are many, but to start you need to get in front of the CISO or IT security manager to assess the following:

  • What's in your security infrastructure?
  • What types of security processes do you have in place?
  • Have you experienced any attacks or breaches in the past few years?
  • Have you identified any issues with insider threats?
  • Do you have any known adversaries?
  • Do you have security requirements for your third- or fourth-party vendors?

Unfortunately, the security challenges associated with M&A activity do not stop at attacks and breaches but continue through the act of marrying two disparate security systems together in an effort to join the two companies or entities. From merging mail domains to joining the networks, the risks associated with merging IT infrastructure are not only dangerous, they're costly. Should the target have an unknown threat or vulnerability in its environment, that issue is now being introduced into the acquirer's network, giving attackers much more access than they bargained for in the original attack.

With any security issues, the acquiring company is taking on financial and growth risk, but brand and reputation are also key factors. For example, a very common attack vector involves creating a fake look-alike mobile application, similar to an organization's real application, and installing it on victims' phones. This can lead to data leakage from the affected phone or to abuse of the phone resources for cryptocurrency mining. The intelligence about this type of app is crucial for security but can also reflect a threat to the brand and reputation of the acquired company, as this app might be used to attack the company's customers.

There is no guarantee with any merger, but if you can dig into the threat intelligence data about an acquisition target and its partners, as well as assess internal cybersecurity processes and potential issues, you will have a much clearer picture of the overall viability of the company and its intellectual property.

Alon Arvatz served in an elite intelligence unit in the Israel Defense Forces. While serving for three years in the most innovative and operational setting, Alon led and coordinated large operations in the cyber intelligence world. Alon established Cyber School, a center ...