The current state of organized transnational criminal and cyber espionage groups are becoming more robust. CIO's and corporate "Active Defense" teams are gearing up for a continuous barrage of new exploits and phishing vectors. Operational Risk Management is more of a priority than in recent years.
A Symantec report by Stephen Doherty, Jozsef Gegeny, Branko Spasojevic, Jonell Baltazar highlights the latest:
The Hidden Lynx group has been in operation since at least 2009 and is most likely a professional organization that offers a “hackers for hire” service. They have the capability to attack many organizations with concurrently running campaigns. They operate efficiently and move quickly and methodically. Based on these factors, the Hidden Lynx group would need to be a sizeable organization made up of between 50 and 100 individuals. The members of this group are experts at breaching systems. They engage in a two-pronged strategy of mass exploitation and pay-to-order targeted attacks for intellectual property using two Trojans.
The Bit9 incident is one of a few documented targets by this organized team known as "Hidden Lynx." They are no different than those known "Base" groups in 2001 who have attacked our nation by hijacking airplanes. Hidden Lynx exploits the little known weaknesses in the design, implementation or configuration of ICT systems, instead of our transportation and border protection controls. Their trade craft for cyber espionage and potential sabotage is characteristic of an organized set of professional fraudsters, bank robbers, special operators and intelligence professionals.
So what does this mean to the average Fortune or Inc. 500 company with a dedicated IT and Information Security Task Force? It is time to call in reinforcements and to realize that you are already behind the curve of the OODA Loop. The enterprise executives who are now tasked with reporting material losses and other adverse events to shareholders, understand the magnitude and the expenses involved to remediate a significant breach.
The cyberspace narrative is changing in the U.S. after the transparency of significant requests by law enforcement for intelligence information on U.S. persons. Private sector companies will be more open about how many times information was requested. An open public debate will heighten the dialogue to a level not possible before and will produce a faster response to the necessary change in policies, both public and private. The citizens rights and the equilibrium necessary to protect those same citizens will be the crux of the dialogue.
While the debate continues, "Hidden Lynx" will continue to operate and this transnational criminal group will grow stronger. Our U.S. critical infrastructure assets may be subjected to new attacks that produce additional losses and damage to shareholder equity. Policy makers continue to work in joint sessions with public agencies and private enterprise to craft the right mix of new disclosure requirements. Operational Risk professionals know one thing for certain. The pace and magnitude of the attacks will increase. How and when we counter is still in major debate. In the mean time, "Hidden Lynx" will continue to be in the cross hairs of the professionals in Ft. Meade, Chantilly, Pittsburgh and Orange County.