Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

FBI Warns That Ransomware Gangs Target Companies During Mergers and Acquisitions, Threatening To Disclose Non-Public Information

Wednesday, November 17, 2021

Categories: ASCF News Emerging Threats

Comments: 0

Source: https://www.cpomagazine.com/cyber-security/fbi-warns-that-ransomware-gangs-target-companies-during-mergers-and-acquisitions-threatening-to-disclose-non-public-information/

Photo: cpomagazine

The Federal Bureau of Investigation (FBI) issued a private industry notification (PIN) warning that ransomware gangs were targeting companies involved in “time-sensitive financial events” like mergers and acquisitions.

According to the bureau, the gangs search for non-public financial information and threaten to publish it if the victims do not comply with ransom demands.

The agency notes that ransomware groups leverage impending events that could affect companies’ stock prices like announcements, mergers and acquisitions to force the victims to pay.

Ransomware gangs use stock market information to extort victims
The federal law enforcement agency enumerated several extortion attempts related to stock market information.

In 2020, threat actors negotiating a ransom payment threatened to leak the victim’s data to the NASDAQ stock exchange and “see what’s gonna happen” to the stocks.

These extortion attempts occurred after a threat actor using an alias “Unknown” encouraged others on the Russian hacking forum “Exploit” to use information from the NASDAQ to coerce their victims into paying the ransom.

Similarly, three publicly traded US companies involved in mergers and acquisitions fell victims to ransomware gangs between March and July 2020.

An analysis of the Pyxie remote access trojan (RAT) found that the malware variant searched for stock information using keywords like 10-q1, 10-sb2, n-csr3, Marketwired, NASDAQ, and Newswire. Threat actors use the backdoor in Defray777 and RansomEXX ransomware attacks.

Also, the Darkside ransomware gang posted a message on its data leak site stating that its “team and partners encrypt many companies that are trading on NASDAQ and other stock exchanges.”

The group requested interested parties to make inquiries about such companies, promising that “if the company refuses to pay, we are ready to provide information before the publication.”

Similarly, REvil/Sodinokibi ransomware gang disclosed it was planning to add an auto-emailer to contact stock exchange platforms and inform them that the victim had suffered a ransomware attack.

Insider information has significant value on the underground markets. In 2015, nine people faced charges for hacking Newswire to steal unpublished corporate information. Similarly, a Californian man faced charges after allegedly selling insider information on the dark web in 2016 and 2017.

“It should come as no surprise that hackers can access all kinds of sensitive information once they’ve compromised an organization’s systems or a user’s account,” noted Ariel Zommer, Sr. Product Manager at OneLogin. ‘Financial and M&A data are some of the most proprietary information an organization can have. And with global M&A activities hitting an all-time record in 2021, ransomware gangs are – once again – demonstrating their ability to quickly adapt their tactics based on market conditions.”

Victims are more likely to pay during mergers and acquisitions
According to the FBI warning, ransomware gangs gained leverage on companies during mergers and acquisitions because the victims try to avoid investor backlash.

The ransomware gangs meticulously select their victims and adjust extortion timelines to coincide with significant financial events.

“The FBI assesses ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections.”

Erich Kron, Security Awareness Advocate at KnowBe4, noted that the timing of the attack ensures that the ransomware gangs cause the most damage.

“Timing ransomware attacks to cause disruptions at specific times to improve the chance of a payout is not a new tactic; however, for organizations involved in mergers and acquisitions, it is an important one to be aware of,” Kron continued. “Unlike early strains of ransomware that automatically and indiscriminately encrypted any files it could locate, the new versions of ransomware involve significant human action before beginning the encryption phase.”

According to the FBI, “If victims do not pay a ransom quickly, ransomware actors will threaten to disclose this information publicly, causing potential investor backlash.”

Jack Chapman, VP of Threat Intelligence at Egress, agrees that ransomware gangs are always looking for ways to “motivate” their victims to pay, knowing that the more pain and pressure they apply, the bigger the chance of success.

By targeting organizations in the middle of sensitive financial events such as mergers and acquisitions, ransomware gangs expect their attacks to have a higher impact because they can negatively impact the victim’s share price.

“Ransomware gangs will stop at nothing to ensure their attacks succeed – and for organizations at risk of attack, that should be a big concern,” FBI says.

However, the FBI discouraged companies from caving to those demands and report any attempted extortion to help bring the perpetrators to book. Additionally, paying the ransom encourages ransomware gangs to attack more companies involved in mergers and acquisitions using similar tactics.

Bowing to ransomware gangs’ demands does not guarantee data recovery or prevent the criminals from selling insider information to third parties. The FBI also encouraged network defenders to harden their networks to prevent ransomware gangs from gaining access.

However, the FBI acknowledged that executives face difficult choices when their businesses cannot function after an attack, advising the business leaders to consider all options to protect their shareholders, customers, and employees.

“In cases where SEC filings or regulatory bodies are involved, even if you pay the ransom, it is still a data breach once the information is stolen,” Kron explained. “Organizations, especially those coming into sensitive times such as those around a merger or acquisition, are wise to put focus on preventing these attacks by dealing with the most common attack vectors for ransomware, phishing emails, and remote access portals.”

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.

Search