FBI: Cyber Attacks Target Organizations Involved in Mergers and Acquisitions

A new notification from the FBI warns organizations of attacks at the perfect time when organizations are spending money, new people are being introduced, and operations are in flux.

Threat actors like nothing more than a dash of chaos when it comes to timing their attacks. If they can get the social engineering theming just right, that chaos – when added to a sense of urgency – causes individuals to rush and not think actions through properly. This allows cyber attacks to succeed far more often than they should.

According to the FBI notification, the threat actors responsible are very aware of who they are targeting: “During the initial reconnaissance phase, cyber criminals identify non-publicly available information, which they threaten to release or use as leverage during the extortion to entice victims to comply with ransom demands. Impending events that could affect a victim’s stock value, such as announcements, mergers, and acquisitions, encourage ransomware actors to target a network or adjust their timeline for extortion where access is established.”

Judging from the warning put out by the FBI’s Internet Complaint Center (IC3) earlier this month, cybercriminal gangs are using these major financial events as the perfect juncture for ransomware attacks involving extortion. Think about it – let’s take a fictitious public company being bought by a private investment firm. The entire cost of the deal revolves around the stock price. Now, if a ransomware attacker can succeed in stealing data from and encrypting the systems of the public company, having the public find out could cause the stock price to diminish – thus lowering the value of the company and its purchase price.

If your organization is going through a merger or acquisition (or planning to in the future), it’s imperative that you put up the strongest possible defense against ransomware – which includes the use of Security Awareness Training to include users in the defending against such attacks where malicious email content finds its’ way past security solutions and into the user’s inbox.

This blog originally appeared on the KnowBe4 website.

Stu Sjouwerman
About the Author
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4 Inc, a provider of the most popular Security Awareness Training and Simulated Phishing platform. A serial entrepreneur and data security expert with more than 30 years in the IT industry, Sjouwerman is the author of four books, with his latest being “Cyberheist: The Biggest Financial Threat Facing American Businesses.” Along with his CEO duties, Stu is Editor-in-Chief of Cyberheist News, an e-zine tailored to deliver IT security news, technical updates, and social engineering alerts. Stu is a four-time Inc 500 award winner and EY Entrepreneur of the Year finalist.