APT prevention firm FireEye has warned businesses involved in mergers and acquisitions (M&A) activity of a growing risk from online attackers focused on either stealing IP or lifting sensitive corporate information about the deal.
The M&A market is currently booming, but often under-reported is the widespread cyber espionage activity which occurs when two high-profile companies look to merge, threat intelligence analyst Jen Weedon claimed in a blog post.
FireEye has observed two main scenarios. The first involves attackers breaching a merging or acquired company or their partners with a view to acquiring sensitive IP which will give their clients a competitive advantage.
The second relates to attackers breaching one of the two companies “in order to provide the other side with an insider advantage in the negotiations”. This usually happens when one of the firms is dealing with a foreign enterprise, Weedon said.
“Some threat groups compromise an organization’s environment and then move laterally over a connected network to a partner or subsidiary, while others rely on social engineering tactics, such as the use of phishing emails that appear to be from employees at the partner company,” she added. “We have seen China-based threat groups previously compromise targets by taking advantage of trusted relationships and bridged networks between companies.”
Whatever the tactic, the aim of the attackers is to give their sponsors a competitive advantage, either by “adopting a rival’s technology and products, securing advantageous prices, or any other tactic that could give them a leg up”.
In the second scenario, the attackers are looking for corporate information which “could give negotiators and decision makers valuable insider information with which to manipulate the outcome of the proposed transaction”, Weedon claimed.
FireEye warned businesses and their law firms to be particularly alert during M&A activity to the prospect of cyber attack, claiming that in many cases the attackers could be state sponsored.
“In many cases as well, there are broader issues of national security, so it’s imperative that companies seek to recognize and mitigate these risks as part of their M&A processes moving forward,” Weedon concluded. “Even governments sometimes attempt to mitigate these risks by conducting national security reviews and occasionally rejecting bids based on their findings.”
The examples given by FireEye in the blog were all Chinese and it’s true the country has long been pegged for widespread cyber incursions, often by state-sponsored actors.
This was the reason why the US government took the unprecedented step of indicting five PLA officers last month for hacking US firms for economic gain, something Washington says its spooks do not do.
However, this activity is obviously not restricted to China.
Last month saw the launch of the UK government-backed ‘Cyber-security in Corporate Finance’ guide. It detailed the cautionary tale of a FTSE350 company with good cyber security practices, which bought a small business with poor network security.
“It suffered a sustained compromise, and the investigation identified that the adversary had unfettered access to the whole network,” the guide warned. “For a period of over a year, the adversary was responsible for a significant portion of all network traffic, and stole data related to new technology.”