- Home
- Techniques
- PRE-ATT&CK
- Assess opportunities created by business deals
Assess opportunities created by business deals
During mergers, divestitures, or other period of change in joint infrastructure or business processes there may be an opportunity for exploitation. During this type of churn, unusual requests, or other non standard practices may not be as noticeable. [1] [2]
Detection
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: Most of this activity would target partners and business processes. Partners would not report. Difficult to tie this activity to a cyber attack.
Difficulty for the Adversary
Easy for the Adversary (Yes/No): No
Explanation: Mapping joint infrastructure and business processes is difficult without insider knowledge or SIGINT capability. While a merger creates and opportunity to exploit potentially cumbersome or sloppy business processes, advance notice of a merger is difficult; merger information is typically close-hold until the deal is done.
References
- Ben Rossi. (2014, August 29). Mergers and acquisitions: a new target for cyber attack. Retrieved March 6, 2017.
- Holly Meidl. (2015, December 16). How Health Care Companies Can Reduce the Risk of Cyber-Attack During Mergers and Acquisitions. Retrieved March 6, 2017.