Commentary from Coalfire Regarding US-CERT Warning on APT Attacks
October 2018 by Karl Steinkamp, Director, Coalfire
the Department of Homeland Security’s public warning to service providers that they are being targeted for APT attacks, the commentary from Karl Steinkamp, Director, Coalfire.
With increasing regularity, companies have been moving to third party service providers and/or cloud service providers (CSPs) to allow their organizations to refocus their limit personnel and assets on their core business and reduce their operational costs. By nature of the service provider business, many if not all of the entities have direct interaction and/or remote/local connectivity and access with their customers’ systems. Malicious individuals and nation state actors have realized the trend and are actively targeting IT Service Providers with a host of Advanced Persistent Threats (APTs) to get access to their customers. Efforts may include the use of advanced exploits or custom-defined zero-day vulnerabilities, as well as paired with highly targeted spear phishing and other social engineering techniques. Once obtaining a foothold, the malicious actors may write malicious code to evade detection.
On October 3rd 2018, the US-CERT, in coordination with the United States National Cybersecurity & Communications Integration Center (NCCIC), has issued a public warning, including a breakdown of recommended activities and tools based on the type of service provider. For organizations utilizing one or more third party IT Service Provider entities, Coalfire recommends that these service provider customers conduct their required due diligence and due care efforts as a part of their vendor management and risk management program, to continually evaluate their service providers’ cybersecurity and compliance status. Gaps in service provider cybersecurity and/or compliance may put their customers’ compliance in jeopardy, as many regulatory/compliance frameworks require it (PCI DSS v3.2.1 – Requirement 12.8, HITRUST 9.1 – Domain 14, etc.)