CASE STUDY

External Hygiene Assessment Delivers Valuable Insight Prior to Company Acquisition

Nov 13, 2020 | Case Study, TPRM Exposure

The Challenge

Nisos was contracted to conduct cybersecurity diligence and an assessment of external network hygiene for a cybersecurity company’s acquisition target.

Why Nisos

Although the client, a cybersecurity company, leverages many of the same services as Nisos, they understood that Nisos’ analytical rigor and access to external data collection would allow them to gain greater insight and optimize the evaluation of their acquisition target. Utilizing publicly available information, third-party datasets, and partner relationships, Nisos was able to discover and assess the acquisition target’s cyber assets and provide the client with a comprehensive understanding of areas of concern and indicators of compromise.

Preparation

Nisos began the investigation knowing eight registered domain names of the acquisition target. Nisos had no existing insight into the company’s overall cyber posture. The investigation revealed extensive information about the acquisition target’s cybersecurity maturity and the breadth of their cyber assets.

Execution

Nisos identified several ties to entities that were not publicly affiliated with the acquisition target. The investigation, conducted on the public internet, uncovered IP addresses directly associated with the target’s office. This led to the identification of specific infrastructure that would likely be targeted by an advanced attacker. Nisos also identified a server providing remote access to the target’s office network, as well as users of a Docker instance created by the target, one of which was running default credentials.

Although the instance did not appear to belong to the target, an attacker could leverage it to gain control over a customer. It could also be used as an access vector in a breach of someone using the target’s software. A compromise of this sort could negatively impact the target’s brand reputation and ability to generate new clients. The investigation ultimately determined that the organization’s cybersecurity maturity was high, which is uncommon for organizations of similar size, but consistent with the target’s cybersecurity background.

Impact

Based on Nisos’ findings and recommendations, the acquiring company immediately and transparently began remediation. Recommended remediation actions included removing public permissions, enforcing two-factor authentication for console access, and limiting access to the Kubernetes ingress controller to whitelisted IP addresses. Throughout the process, Nisos shared best practices and additional guidance with the client and the acquisition target.

About Nisos

Nisos is the Managed Intelligence company. Our services enable security, intelligence, and trust and safety teams to leverage a world-class intelligence capability tailored to their needs. We fuse robust data collection with a deep understanding of the adversarial mindset, delivering smarter defense and more effective response against advanced cyber attacks, disinformation, and abuse of digital platforms.

For additional information, contact info@nisos.com
