"Complex M&A Deals Pave Way for Security Gaps"

IronNet researchers discovered a likely China-based threat actor that had infiltrated a US software company using legacy infrastructure from a previous company acquisition. Before deploying the Shack2 and China Chopper web shells, the threat actor used compromised Virtual Private Network (VPN) credentials to gain initial access to a compartmentalized segment of the business. This segment, which included unpatched legacy systems such as file servers, data repositories, and consumer and transaction databases, belonged to a company acquired by the unnamed targeted organization in 2014. According to researchers, the attackers were on the networks for weeks or even months, staging activity for future exploitation with the possible end goal of stealing data or finding a pivot point to access production environments. The incident highlights the inherent security risks in corporate merger and acquisition (M&A) activity, which has continued at a rapid pace since the pandemic, with volumes increasing by 64 percent year-on-year in 2021. According to security experts, any type of change makes a company particularly vulnerable to cyberattacks, but the inherent complexity, speed, and secrecy across the acquisitions process makes this landscape particularly lucrative for threat actors. According to Jason Button, Cisco's director of Security and Trust M&A, the M&A space is a high-value target. Acquisitions made by large corporations usually garner front-page attention, which can turn the acquired company into a target. The parent and acquired companies prematurely connect their networks and/or share sensitive data. If the acquired company's security is lax, it could serve as an easy entry point to the parent company for much more valuable information. The impact of cybersecurity weaknesses or incidents at organizations is becoming more important during the M&A process, according to a 2019 Forescout survey, which found that 81 percent of Information Technology (IT) and business decision-makers were more focused on the acquisition target's cybersecurity posture than in the past. More than half of respondents said they had encountered a critical security issue or incident during an M&A transaction that jeopardized the deal, indicating that security flaws are having an impact on deals themselves. This article continues to discuss how M&A activity can pose a security risk. 

Decipher reports "Complex M&A Deals Pave Way for Security Gaps"