APT and Cyber War > Still to Come - Pg. 49

Cannibalistic Mutant Underground Malware

More serious than the 1984 New World Pictures film about cannibalistic humanoid underground dwellers, the newest breed of malware is a real threat. It is malware with a mind: it uses conditional logic to direct its activity based on its surroundings until it finds itself in the perfect conditions in which it will best accomplish its goal (spread, stay hidden, deploy a weapon, etc.). Again, Stuxnet's goal was to find a particular industrial process control system: it spread widely through all types of networks, and only took secondary infection measures when the target environment (SIMATIC) was found. Then, it again checked for particular PLC models and versions, and if found it injected process code into the PLC; if not, it lay dormant.

Malware mutations are also already in use. At a basic level, Stuxnet will update itself in the wild (even without a C2 connection), through peer-to-peer checks with others of its kind: if a newer version of Stuxnet bumps into an older version, it updates the older version, allowing the infection pool to evolve and upgrade in the wild.[33] Further mutation behavior involves self-destruction of certain code blocks with self-updates of others, effectively morphing the malware and making it more targeted as well as more difficult to detect. Mutation logic could include checking for