NIST 800-53 tells us that the objectives of advanced persistent threats (APT) “typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future.”
Under what circumstances might an APT choose to use a foothold that has so far remained undetected? A recent advisory from the Cybersecurity and Infrastructure Security Agency (CISA) is a stark warning that all organizations should be evaluating their security posture now, before it is too late.
From the CISA Advisory:
“Most recently, public and private entities in Ukraine have suffered a series of malicious cyber incidents, including website defacement and private sector reports of potentially destructive malware on their systems that could result in severe harm to critical functions. The identification of destructive malware is particularly alarming given that similar malware has been deployed in the past—e.g., NotPetya and WannaCry ransomware—to cause significant, widespread damage to critical infrastructure.”