CASE STUDY

Insider Threat: Preventing Destruction During M&A Activity

Apr 8, 2020 | Case Study, Outside Intel, TPRM Exposure

The Challenge

A global technology company (the Client) was in the process of divesting a previous acquisition. Upon learning of the divestiture plan, the key executives at the acquisition company threatened to destroy corporate infrastructure if the company was not sold back to the original founders at a lower price.

Why Nisos

Working with the Client’s inside and outside counsel, we needed to use our all-source investigative and technical resources to infiltrate the divestiture’s environment, ensure the integrity of sensitive infrastructure, and protect sensitive data over the course of the two-week divestiture proceedings.

Preparation

We were granted access to the network through a previous auditor’s credentials. This access was used to probe the infrastructure and piece together the location of the data stores and the business application’s source code.

We provided this information to the Client in order to plan a course of action and identify personnel within the divestiture who could provide further access. After conferring with the identified key personnel within the divestiture, Nisos was given full access to data stores and infrastructure to proceed with execution of monitoring and containment.

Execution

Over the course of a week, we were able to back up all of the application source code and customer databases. We also put in place a system of tailored monitoring to ensure no one was trying to exfiltrate or destroy data – measures designed to persist for the two weeks leading up to the sale.

Once the system was in place, we played the role of de facto administrators, utilizing proprietary monitoring and containment scripts to achieve confidence in the integrity and stability of the environment.

After the sale was executed, and as the announcement was made during an all-hands meeting, we removed everyone’s access to the application, source code, devices and infrastructure. We then filtered new accesses to trusted individuals and those staying aboard the divestiture.

Impact

The Client’s sale price was several times higher than it would have been had it sold to the original co-founders. Nisos saved the Client millions by preserving the infrastructure, preventing data loss, and giving the Client time to achieve a deal with the new buyers.

About Nisos

Nisos is the Managed Intelligence company. Our services enable security, intelligence, and trust and safety teams to leverage a world-class intelligence capability tailored to their needs. We fuse robust data collection with a deep understanding of the adversarial mindset, delivering smarter defense and more effective response against advanced cyber attacks, disinformation, and abuse of digital platforms.

For additional information, contact info@nisos.com
