Read Time:9 Second
It was discovered that missing input sanitising in python-nbxmpp, a
Jabber/XMPP Python library, could result in denial of service in clients
based on it (such as Gajim).
Friday Squid Blogging: Cephalopods Thirty Million Years Older Than Previously Thought
Read Time:13 Second
New fossils from Newfoundland push the origins of cephalopods to 522 million years ago.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
FBI Issues Warning Over Iranian Cyber Company
Read Time:1 Minute, 49 Second
FBI Issues Warning Over Iranian Cyber Company
The Federal Bureau of Investigation (FBI) has issued a Private Industry Notice on protecting against malicious activity by Iranian cyber company Emennet Pasargad (formerly known as Eeleyanet Gostar).
Two Iranian nationals employed by the company were indicted on October 20 2021 by a grand jury in the US District Court for the Southern District of New York over their alleged involvement in a campaign to influence and interfere with the outcome of the 2020 US presidential election.
Seyyed Mohammad Hosein Musa Kazemi and Sajjad Kashian were accused of conspiring with others to run a sophisticated campaign that included sending threatening emails to voters, hacking into the computer networks of an American media company and impersonating a far-right organization to cast doubt over the integrity of electoral ballots.
The Department of the Treasury Office of Foreign Assets Control sanctioned Emennet, four members of the company’s management team and Kazemi and Kashian for attempting to influence the same election.
The Notice states that Emmenet also previously conducted cyber-enabled information operations that used a false flag persona to spread propaganda via text message.
“According to FBI information, in late 2018, the group masqueraded as the ‘Yemen Cyber Army’ and crafted messaging critical of Saudi Arabia,” states the Notice.
“Emennet also demonstrated interest in leveraging bulk SMS services, likely as a means to mass-disseminate propaganda or other messaging.”
Included in the Notice was a summary of Emennet’s past tactics, techniques and procedures (TTPs), which included using virtual private network services to obfuscate the origin of their activity.
Over the past three years, Emennet has selected potential victims by performing web searches for leading businesses in various sectors. The group would then scan the websites of the businesses that appeared in the search results for vulnerable software that could be exploited to establish persistent access.
Information gathered by the FBI indicates that Emennet also attempted to leverage cyber intrusions conducted by other actors for its own benefit.
“This includes searching for data hacked and leaked by other actors and attempting to identify webshells that may have been placed or used by other cyber-actors,” said the FBI.
Most Ransomware Infections are Self-installed
Read Time:1 Minute, 50 Second
Most Ransomware Infections are Self-installed
New research from managed detection and response (MDR) provider Expel found that most ransomware attacks in 2021 were self-installed.
The finding was included in the company’s inaugural annual report on cybersecurity trends and predictions, Great eXpeltations, published on Thursday.
Researchers found eight out of ten ransomware infections occurred after victims unwittingly opened a zipped file containing malicious code. Abuse of third-party access accounted for 3% of all ransomware incidents, and 4% were caused by exploiting a software vulnerability on the perimeter.
The report was based on the analysis of data aggregated from Expel’s security operations center (SOC) concerning incidents spanning January 1 2021 to December 31 2021.
Other key findings were that 50% of incidents were BEC (business email compromise) attempts, with SaaS apps a top target.
More than 90% of those attacks were geared towards Microsoft O365, while assaults against Google Workspace accounted for fewer than 1% of incidents. The remaining 9% targeted Okta.
Ransomware attacks accounted for 13% of all opportunistic attacks. The five most targeted industries in descending order were legal services, communications, financial services, real estate and entertainment.
In addition, 35% of web app compromises Expel responded to resulted in the deployment of a crypto miner.
To protect against threats in 2022, Expel recommended implementing network layer controls to detect and block network communications to crypto mining pools and confirming event data recorder (EDR) coverage across all endpoints.
The company also advised forwarding computing resource alarms to a security information and event management (SIEM) software solution to flag overtaxed resources potentially deployed for crypto-jacking.
Other advice included defending the self-installation attack surface on Windows, deploying MFA everywhere, especially for remote access, patching and updating regularly and deploying EDR policies in block mode.
Users were also advised not to expose RDP (remote desktop protocol) directly to the internet.
“We founded Expel with a goal of bringing more transparency to security,” said Dave Merkel, CEO of Expel, on Thursday.
“Today we reach a new milestone tied to that commitment – we’re sharing the most important threats and trends our SOC identified last year and their advice on what to do about them.”
Water Utilities Get 100-Day Cybersecurity Plan
Read Time:1 Minute, 51 Second
Water Utilities Get 100-Day Cybersecurity Plan
The United States Environmental Protection Agency (EPA) has drawn up a 100-day game plan to help protect the nation’s water systems from cyber-attacks.
The Industrial Control Systems Cybersecurity Initiative – Water and Wastewater Sector Action Plan focuses on high-impact acts that can be performed within 100 days to improve cybersecurity across the water sector.
Strategies detailed in the roadmap promote and support the early detection of cyber-threats and the rapid sharing of data across the government to speed up cyber-threat analysis and action.
The plan advocates the establishment of a cybersecurity task force comprising leaders from the water sector. It also calls for the implementation of pilot projects to demonstrate and accelerate the adoption of incident monitoring.
“Cyber-attacks represent an increasing threat to water systems and thereby the safety and security of our communities,” said EPA administrator Michael S. Regan.
“As cyber-threats become more sophisticated, we need a more coordinated and modernized approach to protecting the water systems that support access to clean and safe water in America.”
The plan was announced on Thursday by the EPA and its federal partners. It was developed by the EPA, the National Security Council (NSC), the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Water Sector Coordinating Council and Water Government Coordinating Council (WSCC/GCC).
“The action plans for the electric grid and pipelines have already resulted in over 150 electricity utilities serving over 90 million residential customers and multiple critical natural gas pipelines deploying additional cybersecurity technologies,” said deputy national security advisor for cyber and emerging technology, Anne Neuberger.
She added: “This plan will build on this work and is another example of our focus and determination to use every tool at our disposal to modernize the nation’s cyber defenses, in partnership with private sector owners and operators of critical infrastructure.”
The EPA said it intends to “encourage, incentivize and assist” water sector stakeholders to rapidly deploy industrial control systems (ICS) cybersecurity monitoring technologies.
“Public-private sector collaboration like this initiative is central to protecting the American public and their ability to safely access critical services,” said secretary of homeland security Alejandro Mayorkas.
It’s Data Privacy Day: Here’s How to Stay Protected in 2022
Read Time:4 Minute, 42 Second
When you logged on to your computer this morning, data privacy probably wasn’t the first thing you were thinking about. The same goes for when you opened your phone to catch up on social media and check emails, turned on your smart TV for a family movie night, or all the other ways we routinely use our connected devices in our everyday lives.
Although we live in an increasingly connected world, most of us give little thought to data privacy until after our personal information has been compromised. However, we can take proactive steps to help ourselves and our loved ones navigate this environment in a safe way. On January 28th – better known as Data Privacy Day2 – we have the perfect opportunity to own our privacy by taking the time to safeguard data. By making data privacy a priority, you and your family can enjoy the freedom of living your connected lives online knowing that your information is safe and sound.
Data Security vs. Data Privacy
Did you know that there is a difference between data security and data privacy? Although the two are intimately intertwined, there are various characteristics of each that make them different. National Today3 provides a useful analogy to define the two:
Data security is like putting bars on your windows to make it difficult for someone to break into your home (guarding against potential threats).
Data privacy is like pulling down the window shades so no one can look inside to see what you are wearing, who lives with you, or what you’re doing (ensuring that only those who are authorized to access the data can do so).
At this point, we already know not to share our passwords or PIN numbers with anyone. But what about the data that is collected by companies every time we sign up for an email newsletter or make an online account? Oftentimes, we trust these companies to guard the personal data they collect from us in exchange for the right to use their products and services. However, the personal information collected by companies today is not regarded as private by default, with a few exceptions. For this reason, it’s up to us to take our data privacy into our own hands.
The Evolution of Data Breaches
Because we spend so much of our day online, plenty of our information is available on the internet. But what happens if one of your favorite online retailers experiences a data breach? This is the reality of the world we live in today, as data breaches have been on the rise and hackers are continuously finding clever, new ways to access our devices and information.
Thanks to the COVID-19 pandemic, we’ve become more reliant on technology than ever before. Whether it be for distance learning, online shopping, mobile banking, or remote work, we’ve all depended on our devices and the internet to stay connected. But with more time online comes more opportunities for cybercriminals to exploit. For example, with the massive increase in remote work since the onset of the pandemic, hackers have hijacked online meetings through a technique called ‘Zoombombing4.’ This occurred after the online conferencing company shared personal data with Facebook, Google, and LinkedIn. Additionally, the number of patient records breached in the healthcare industry jumped to 21.3 million in the second half of 2020 due to the increase in remote interactions between patients and their providers5.
When it comes to data breaches, any business is a potential target because practically every business is online in some way. When you put this in perspective, it’s important to consider what information is being held by the companies that you buy from. While a gaming service will likely have different information about you than your insurance company, you should remember that all data has value, and you should take steps to protect it like you would money.
Protecting Your Privacy With McAfee
Your browsing history and personal information are private, and we at McAfee want to keep it that way. By using McAfee Secure VPN, you can browse confidently knowing that your data is encrypted.
To further take control of your data privacy, monitor the health of your online protection with McAfee’s Protection Score. This tool provides simple steps to improve your security and allows you to know how safe you are online, which is the first step towards a safer, more confident connected life. Check your personal protection score here.
Here are a few more tips to keep you on top of your data privacy game:
1. Update your privacy and security settings. Begin with the websites and apps that you use the most. Check to see if your accounts are marked as private, or if they are open to the public. Also, look to see if your data is being leaked to third parties. You want to select the most secure settings available, while still being able to use these tools correctly.
2. Lock down your logins. Secure your logins by making sure that you are creating long and unique passphrases for all your accounts. Use multi-factor identification, when available.
3. Protect your family and friends. You can make a big difference by encouraging your loved ones to protect their online privacy. By helping others create solid safety habits as they build their digital footprints, it makes all of us more secure.
Follow the conversation this Data Privacy Day by following #PrivacyAware and #DataPrivacyDay on social media.
The post It’s Data Privacy Day: Here’s How to Stay Protected in 2022 appeared first on McAfee Blog.
Who Wrote the ALPHV/BlackCat Ransomware Strain?
Read Time:6 Minute, 55 Second
In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “BlackCat“), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. In this post, we’ll explore some of the clues left behind by a developer who was reputedly hired to code the ransomware variant.
Image: Varonis.
According to an analysis released this week by Varonis, ALPHV is actively recruiting operators from several ransomware organizations — including REvil, BlackMatter and DarkSide — and is offering affiliates up to 90 percent of any ransom paid by a victim organization.
“The group’s leak site, active since early December 2021, has named over twenty victim organizations as of late January 2022, though the total number of victims, including those that have paid a ransom to avoid exposure, is likely greater,” Varonis’s Jason Hill wrote.
One concern about more malware shifting to Rust is that it is considered a much more secure programming language compared to C and C++, writes Catalin Cimpanu for The Record. The upshot? Security defenders are constantly looking for coding weaknesses in many ransomware strains, and if more start moving to Rust it could become more difficult to find those soft spots.
Researchers at Recorded Future say they believe the ALPHV/BlackCat author was previously involved with the infamous REvil ransomware cartel in some capacity. Earlier this month the Russian government announced that at the United States’ request it arrested 14 individuals in Russia thought to be REvil operators.
Still, REvil rolls on despite these actions, according to Paul Roberts at ReversingLabs. “The recent arrests have NOT led to a noticeable change in detections of REvil malicious files,” Roberts wrote. “In fact, detections of files and other software modules associated with the REvil ransomware increased modestly in the week following the arrests by Russia’s FSB intelligence service.”
Meanwhile, the U.S. State Department has a standing $10 million reward for information leading to the identification or location of any individuals holding key leadership positions in REvil.
WHO IS BINRS?
A confidential source recently had a private conversation with a support representative who fields questions and inquiries on several cybercrime forums on behalf of a large and popular ransomware affiliate program. The affiliate rep confirmed that a coder for ALPHV was known by the handle “Binrs” on multiple Russian-language forums.
On the cybercrime forum RAMP, the user Binrs says they are a Rust developer who’s been coding for 6 years. “My stack is Rust, nodejs, php, golang,” Binrs said in an introductory post, in which they claim to be fluent in English. Binrs then signs the post with their identification number for ToX, a peer-to-peer instant messaging service.
That same ToX ID was claimed by a user called “smiseo” on the Russian forum BHF, in which smiseo advertises “clipper” malware written in Rust that swaps in the attacker’s bitcoin address when the victim copies a cryptocurrency address to their computer’s temporary clipboard.
The nickname “YBCat” advertised that same ToX ID on Carder[.]uk, where this user claimed ownership over the Telegram account @CookieDays, and said they could be hired to do software and bot development “of any level of complexity.” YBCat mostly sold “installs,” offering paying customers to ability to load malware of their choice on thousands of hacked computers simultaneously.
There is also an active user named Binrs on the Russian crime forum wwh-club[.]co who says they’re a Rust coder who can be reached at the @CookieDays Telegram account.
On the Russian forum Lolzteam, a member with the username “DuckerMan” uses the @CookieDays Telegram account in his signature. In one thread, DuckerMan promotes an affiliate program called CookieDays that lets people make money by getting others to install cryptomining programs that are infected with malware. In another thread, DuckerMan is selling a different clipboard hijacking program called Chloe Clipper.
The CookieDays moneymaking program.
According to threat intelligence firm Flashpoint, the Telegram user DuckerMan employed another alias — Sergey Duck. These accounts were most active in the Telegram channels “Bank Accounts Selling,” “Malware developers community,” and “Raidforums,” a popular English-language cybercrime forum.
I AM DUCKERMAN
The GitHub account for a Sergey DuckerMan lists dozens of code repositories this user has posted online over the years. The majority of these projects were written in Rust, and the rest in PHP, Golang and Nodejs — the same coding languages specified by Binrs on RAMP. The Sergey DuckerMan GitHub account also says it is associated with the “DuckerMan” account on Telegram.
Sergey DuckerMan has left many accolades for other programmers on GitHub — 460 to be exact. In June 2020, for example, DuckerMan gave a star to a proof-of-concept ransomware strain written in Rust.
Sergey DuckerMan’s Github profile says their social media account at Vkontakte (Russian version of Facebook/Meta) is vk.com/duckermanit. That profile is restricted to friends-only, but states that it belongs to a Sergey Pechnikov from Shuya, Russia.
A look at the Duckermanit VKontakte profile in Archive.org shows that until recently it bore a different name: Sergey Kryakov. The current profile image on the Pechnikov account shows a young man standing closely next to a young woman.
KrebsOnSecurity reached out to Pechnikov in transliterated Russian via the instant message feature built into VKontakte.
“I’ve heard about ALPHV,” Pechnikov replied in English. “It sounds really cool and I’m glad that Rust becomes more and more popular, even in malware sphere. But I don’t have any connections with ransomware at all.”
I began explaining the clues that led to his VK account, and how a key cybercriminal actor in the ransomware space had confirmed that Binrs was a core developer for the ALPHV ransomware.
“Binrs isn’t even a programmer,” Pechnikov interjected. “He/she can’t be a DuckerMan. I am DuckerMan.”
BK: Right. Well, according to Flashpoint, the Telegram user DuckerMan also used the alias Sergey Duck.
Sergey: Yep, that’s me.
BK: So you can see already how I arrived at your profile?
Sergey: Yep, you’re a really good investigator.
BK: I noticed this profile used to have a different name attached to it. A ‘Sergey Kryakov.’
Sergey: It was my old surname. But I hated it so much I changed it.
BK: What did you mean Binrs isn’t even a programmer?
Sergey: I haven’t found any [of] his accounts on sites like GitHub/stack overflow. I’m not sure, does binrs sell Rust Clipper?
BK: So you know his work! I take it that despite all of this, you maintain you are not involved in coding malware?
Sergey: Well, no, but I have some “connections” with these guys. Speaking about Binrs, I’ve been researching his personality since October too.
BK: Interesting. What made you want to research his personality? Also, please help me understand what you mean by “connections.”
Sergey: I think he is actually a group of some people. I’ve written him on telegram from different accounts, and his way of speaking is different. Maybe some of them somehow tied with ALPHV. But on forums (I’ve checked only XSS and Exploit) his ways of speaking are the same.
BK: …..
Sergey: I don’t know how to explain this. By the way, binrs now is really silent, I think he’s lying low. Well, this is all I know.
No doubt he is. I enjoyed speaking with Sergey, but I also had difficulty believing most of what he said. Also, I was bothered that Sergey hadn’t exactly disputed the logic behind the clues that led to his VK account. In fact, he’d stated several times that he was impressed with the investigation.
In many previous Breadcrumbs stories, it is common at this point for the interviewee to claim they were being set up or framed. But Sergey never even floated the idea.
I asked Sergey what might explain all these connections if he wasn’t somehow involved in coding malicious software. His answer, our final exchange, was again equivocal.
“Well, all I have is code on my github,” he replied. “So it can be used [by] anyone, but I don’t think my projects suit for malwares.”
Tracking Secret German Organizations with Apple AirTags
Read Time:1 Minute, 19 Second
A German activist is trying to track down a secret government intelligence agency. One of her research techniques is to mail Apple AirTags to see where they actually end up:
Wittmann says that everyone she spoke to denied being part of this intelligence agency. But what she describes as a “good indicator,” would be if she could prove that the postal address for this “federal authority” actually leads to the intelligence service’s apparent offices.
“To understand where mail ends up,” she writes (in translation), “[you can do] a lot of manual research. Or you can simply send a small device that regularly transmits its current position (a so-called AirTag) and see where it lands.”
She sent a parcel with an AirTag and watched through Apple’s Find My system as it was delivered via the Berlin sorting center to a sorting office in Cologne-Ehrenfeld. And then appears at the Office for the Protection of the Constitution in Cologne.
So an AirTag addressed to a telecommunications authority based in one part of Germany, ends up in the offices of an intelligence agency based in another part of the country.
Wittmann’s research is also now detailed in the German Wikipedia entry for the federal telecommunications service. It recounts how following her original discovery in December 2021, subsequent government press conferences have denied that there is such a federal telecommunications service at all.
Here’s the original Medium post, in German.
In a similar story, someone used an AirTag to track her furniture as a moving company lied about its whereabouts.
White House Releases Zero Trust Strategy for Federal Government
Read Time:2 Minute, 37 Second
White House Releases Zero Trust Strategy for Federal Government
The White House has unveiled its strategy to embed a zero trust approach to cybersecurity across the federal government.
The memorandum, published by the Office of Management and Budget (OMB), sets out a series of specific security goals for agencies to establish a ‘never trusted, always verified’ model. This includes introducing stronger enterprise identity and access controls, such as multi-factor authentication (MFA). It also wants federal agencies to have a complete inventory of every device it operates and authorizes for government use and encrypt all DNS requests and HTTP traffic within their environment.
The strategy represents a key component of delivering President Joe Biden’s Executive Order last year, which mandated a drive to secure cloud services and zero trust across federal government departments and their suppliers.
Federal agencies must incorporate the additional requirements identified in the new memorandum into their plans to develop zero trust architecture within 60 days. In addition, they need to designate and identify a zero trust strategy implementation lead for their organization.
The latest requirements were developed in response to increasingly sophisticated cyber-attacks, including the Log4j vulnerability. The OMB said such incidents have demonstrated that the federal government can no longer depend on conventional perimeter-based defenses to protect critical systems and data.
Federal chief information officer Clare Martorana commented: “Security is the cornerstone of our efforts to build exceptional digital experiences for the American public.
“Federal agency CIOs and IT leadership are leaning into this challenge, and the zero trust strategy provides a clear roadmap for deploying technology that is secure by design and responsive to the needs of our workforce so they can better deliver for the American public.”
Responding to the memorandum, Vats Srivatsan COO of ColorTokens, pondered whether the UK will take a similar approach to mandating zero trust principles across the government. “This week the United States took a proactive step towards safeguarding the nation with resilient security. Government-wide zero trust mission completion will be a journey, and the path has been laid out in a set of goals and implementation efforts outlined in the OMB’s strategy. This undoubtedly sets a precedent for other countries and is a well laid-out model of implementation that the UK can and should borrow from.
“Zero trust is widely recognized as a highly effective, long-term approach to breach resilience; however, zero trust architecture can’t be achieved overnight. The sooner any institution embarks on a zero trust journey to modernize its cyber-defenses, the sooner zero trust maturity and breach resilience can be achieved. Boris Johnson is known to keep his eye on modern technology, so it is a surprise that the UK appears to be kicking the zero trust can down the road. That being said, the UK frequently follows suit on US policy, oftentimes with some initial hesitation. If the UK plans to stay ahead of the threat environment, it will certainly want to follow the US’s lead.”
Earlier this week, the UK government announced a new cybersecurity strategy designed to protect essential public sector services from being shut down by hostile actors.
M&A Trending In Cybersecurity Industry Vertical For 2022
Read Time:4 Minute, 46 Second
This blog was written by an independent guest blogger.
Requires strong due diligence
Nowadays you need a scorecard to keep track of the monthly acquisitions and mergers in the cybersecurity industry. Mergers and acquisition (M&A) of products, capabilities, and companies has become a common strategy for business and market growth. Even through the Covid19 pandemic, trends in acquisition and consolidation of information security oriented companies remained quite strong. In fact, the volume of U.S. cybersecurity M&A deals hit 151 in the first three quarters of 2021, compared to 80, 88 and 94 in 2018, 2019 and 2020, respectively, according to data from 451 Research. Please see graphic from S&P Global Market Intelligence.
According to CSO, 2021 shaped up to be an active year for mergers and acquisitions in the cybersecurity industry. March alone saw more than 40 firms being acquired. The level of activity is driven by growth in sectors such as identity management, zero trust, managed security services, DevSecOps and cloud security. Top cybersecurity M&A deals for 2021 | CSO Online
In December 2021 alone, Security Week’s cybersecurity M&A roundup for December 2021 listed 35 deals amounting to $ billions of dollars in transactions. Cybersecurity M&A Roundup: 35 Deals Announced in December 2021 | SecurityWeek.Com
In 2022 M& A in cybersecurity will likely expand to ever greater heights. Because of the trend digital transformation, almost every company in every vertical has an information technology or operational technology component vital to successful operations. A breach could be devastation to a company bottom line and reputation, so cybersecurity capabilities have become more of a priority for the C-Suite as the stakes have risen.
No matter what industry you may be in, there certainly are high stakes involved with M & A. Companies are taking great risks in terms of their economic future when acquiring assets of a target company. A great amount of due diligence is invested in the M&A process to discover potentially harmful legal claims, tax issues, environmental issues, and confirming that the target company assets are provable, real, and unencumbered.
According to the consulting firm Deloitte, it is estimated that in 2022, about 60 percent of the organizations will consider cybersecurity posture in their due diligence process as a critical factor during any M&A2. Technology disruption Technology disruption assists companies to evolve into new business models and upgrade their traditional modes of operating business. PowerPoint Presentation (deloitte.com)
It is all about risks. “A damaged asset is worth less,” according to Sean Wessman, a Principal at EY’s Americas Risk and Cybersecurity Practice. “Cybersecurity issues potentially affect M&A in a number of ways. Given how costly data breaches can be in both tangible and intangible terms, acquirers want to get as much certainty as possible about the risks they are buying in a deal. “The Role of Cybersecurity in M&A – Journal of Cyber Policy
There is an array of activities involved in basic cybersecurity due M & A diligence. This include having a solid inventory of both hardware and software assets of the company being targeted for acquisition or merger. Knowledge of where all sensitive data is kept, who has (or had) administrative access, and which 3rd parties participate in the supply chain is important to investigate. Of course, there are also the legal requirements of confirming validity of patents.
Physical security due diligence is a necessary step to how data centers are configured and protected and especially what hardware devices are connected to the networks. An unauthorized, or negligently networked device provides an easy means for economic espionage and avenue for hackers to exfiltrate data.
In our budding digital transformation era, the same focus must be applied to due diligence of software applications that serve as the core operation center of a company. An undiscovered vulnerability can seriously undermine the value and optimization of an acquisition.
With software applications due diligence requires knowing what you have and what you do not have. Are the applications configured correctly, is there any hidden malware, are there risky legacy programs attached to the applications? And are there any potential Zero Day risks?
There is only one sure fire way to mitigate software application risk, at that is through comprehensive penetration testing. Testing identifies vulnerabilities and allows for understanding the cyber- risks they are obtaining in a deal. Before the mergers & acquisition formally proceeds, all acquired application software should be tested to detect all variations of malware, known and unknown. Sometimes, the potentially acquired company does not even know fully what devices or applications they have operating in their own networks.
Testing can proactively discover vulnerabilities in legacy applications, distribution of IT assets, and many other use cases, including how the data and intellectual properties acquired are protected.
In conjunction with application testing, the cybersecurity M & A Process should also explore the proper business alignment and maintenance of all acquired applications and be part of a larger framework. For example, the Kroll Cyber Due Diligence for M & A infographic provides a working overview. It should be noted, cyber due diligence, including testing of applications, is also important for post transaction operations.
The new realities of sophisticated and growing cyber threats in a digital world ensures that M & A will continue to be a preferred strategy by companies for improving market capabilities and positioning for the near term. The trend in both government and the private sector of Zero Trust combined with regulatory initiatives will amplify the need for stronger products and services to meet challenges ahead. Including keeping our cybersecurity M & A scorecards up to date.