From suppliers and technology providers to contractors and legal advisors, the services of third parties help organizations fill gaps in their in-house capabilities and focus on core aspects of their operations. However, by entrusting third parties with certain activities, organizations cede a certain degree of control, and thus take on risk.
Flashpoint combines extensive knowledge of the cyber and physical threat landscapes with targeted monitoring of online illicit communities and chat services to help organizations proactively address and mitigate a broad spectrum of third-party risks, some of which pertain to:
MERGERS & ACQUISITIONS (M&A)
Information pertaining to mergers and acquisitions has long appealed to cybercriminals interested in insider trading and corporate espionage. In the past, cybercriminals in search of M&A information would directly target companies they suspected might be involved in an upcoming merger or acquisition. However, as stronger defenses have made such companies more difficult to penetrate in recent years, cybercriminals seeking to obtain this information have increasingly attempted to do so via softer targets, such as law firms and other third parties involved in these transactions.
Flashpoint’s visibility into online illicit communities helps organizations undergoing M&A engagements to address third-party risk proactively. In one instance, Flashpoint analysts observed an actor on a top-tier Russian-language forum express interest in penetrating M&A law firms. Flashpoint continued to monitor this actor, who soon revealed complex phishing, insider trading, and money-laundering schemes targeting proprietary M&A information from 48 top-tier U.S. law firms. Armed with this intelligence, Flashpoint immediately notified the authorities and named law firms so they could safeguard valuable information and uphold the integrity of their engagements.
SUPPLY CHAIN VULNERABILITIES
Given the increasing number of companies opting to outsource, supply chain security has become a critical concern across all sectors. While outsourcing to third parties can increase efficiency and lower costs, it often prevents companies from having full visibility into their partners’ security controls and development processes. This lack of visibility may expose an organization to unnecessary risk that could threaten the integrity of their products, or put proprietary or customer data at risk.
In one instance, Flashpoint identified a serious vulnerability present within millions of Internet of Things (IoT) devices that rendered them susceptible to exploitation by the Mirai botnet and subsequent DDoS attacks. Analysts traced the vulnerability to an upstream supplier contracted by many technology companies to manufacture components of their products. Flashpoint immediately alerted companies affected by the vulnerability so they could administer patches, issue recalls, and enforce stricter quality controls and security standards on supply chain partners.
In recent years, it has become increasingly common for companies to work with third-party contractors, consultants, or advisors who in many cases function as an extension of their client’s teams. These individuals are often viewed as trusted users and granted access to their clients’ internal systems. By blurring the lines between company insiders and outsiders, these types of business engagements can introduce risks posed by third-party insiders. Flashpoint combines extensive knowledge of malicious insiders’ techniques, tactics, and procedures (TTPs) with targeted monitoring of online illicit communities to help organizations proactively detect and mitigate a broad spectrum of insider threats.
In one situation, Flashpoint analysts observed a threat actor seeking “financial industry staff” to supply “non-public investment information” on an illicit marketplace. The request garnered an affirmative response from an individual who claimed to be a contractor for a U.S. investment bank. Flashpoint conducted an extensive investigation of the suspected insider threat to confirm the individual’s identity and the validity of their claims. This intelligence enabled the bank to safeguard its clients’ information and work with law enforcement to take action against the contractor.