Could IS Create A Cyber War?

Uploaded on 2015-12-23 in NEWS-Cybersecurity News, INTELLIGENCE--International, GOVERNMENT-Defence, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, BUSINESS-Production-Utilities, BUSINESS-Production-Manufacturing, BUSINESS-Production-Energy

The power is out. Gas stations are out of gas. Factories are going haywire. It sounds like an action movie, but some analysts say that US and western industries need to significantly ramp up their cyber security or risk having the Islamic State (IS) hack, attack and create mayhem inside their systems.

"This is definitely a threat to the US government and other western governments, but also to our industrial control systems, the ones that run our manufacturing plants, moving energy across the country, that have vulnerabilities," said Bob Gourley, the former chief technology officer of the Defense Intelligence Agency.

Unlike cyberattacks by Russia and China, Gourley said, groups like IS are less interested in just extracting information and more interested in disrupting essential systems.

As yet, he added, IS militants are not as capable as some criminal networks or rival nations, "but IS has more capabilities that any other terrorist organization that I know of. And they can gain more."

So far, IS has established itself as a leader in using Internet-based communications and social media to both send encrypted information and recruit thousands of people from more than 80 countries around the world.
"We are in a new age of this threat," Gourley said, "and the most important thing is we need to defend our systems better than they are currently being defended."

Clifton Triplett, recently named the Office of Personnel Management's senior cyber and information technology adviser, said he is already working to limit any kind of IS breach into the government department. "I think what I have to do is … assume that, at some point in time, they may be successful," Triplett said at a conference organised by Bloomberg Government. "So how do I minimize the impact of their success? Right now, that really comes into access control."

OPM suffered a major hack earlier in 2015, resulting in the disclosure of private information of some 21.5 million people, including those who applied for security clearances.

Anticipating IS
But Al Berman, president and CEO of Disaster Recovery Institute International, which covers IT disasters, said it would be dangerous to assume that IS would stop at communication and marketing.
 
This screen grab from an Islamic State group-affiliated Twitter account, taken Sept. 20, 2014, purports to show a military commander handing a flower to a child while visiting southern Iraq

One path of attack that IS could take, Berman said, would be to siphon money from institutions — perhaps in the US, perhaps in the Middle East — in order to increase their funding as the extremist group's oil and tax money streams start drying up. "Money is incredibly important, and they will find other means if we shut down their traditional means," Berman said. And IS does not have to do the hacking itself, it just needs to buy the information from hacking-obtained information auctions on the dark web.
Berman said IS could start to further refine their "social engineering" or "emotional marketing" techniques, basically by using the Internet in more sophisticated ways to track down and entice potential young recruits.

Vulnerable universities
For that, IS could hack into universities or buy information on the dark web from universities that have already been hacked. According to Privacy Rights Clearinghouse, a California-based nonprofit that focuses on privacy protection, in the last five years hackers have accessed more than 2.5 million records from colleges and universities in the United States alone.

John Matherly, founder of Shodan, a search engine for Internet-connected devices, said exploiting student information would be far more likely than an IS attack on a facility such as a water treatment plant.

"Universities and educational institutions tend to have the worst security by far because they have these giant IP ranges. So students use a public IP address that anyone can see, and everything is exposed," Matherly said.

But hackers such as IS do not have to be sophisticated to be damaging, Matherly said. Unpatched web-servers, unprotected utility software accounts, individuals not keeping up with security updates, and even Instagram accounts could be easily attacked.

Ein News:

 

« Understanding the Threat Intelligence Lifecycle
The Secure Perimeter Cybersecurity Model Is Broken »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

AppRiver

AppRiver

AppRiver is a global provider of cloud-based email and web security solutions that protect businesses worldwide from today's ever-changing online threats.

SonicWall

SonicWall

SonicWall provide products for network security, access security, email security & encryption.

CyberPilot

CyberPilot

CyberPilot ApS is a Danish cybersecurity company. We work with all types of companies and organisations, both large and small, who want to achieve effective cybersecurity.

PETRAS IoT Hub

PETRAS IoT Hub

PETRAS is a consortium of 12 research institutions and the world’s largest socio-technical research centre focused on the future implementation of the IoT.

CommuniTake

CommuniTake

CommuniTake builds security, enablement, and management solutions to provide people and organizations with better, and more secure mobile device use.

Cyber Seguridad (Cyberseg)

Cyber Seguridad (Cyberseg)

Cyberseg provides specialized Cybersecurity services, including managed services (SOC / CERTs) and solutions for the protection of critical infrastructures.

Tenfold Software

Tenfold Software

Tenfold is the unique, centralized platform for managing user and permissions efficiently and automatically.

Ledger

Ledger

Ledger is a leader in security and infrastructure solutions for cryptocurrencies and blockchain applications using its proprietary technology.

CyberSAFE Malaysia

CyberSAFE Malaysia

CyberSAFE Malaysia is an initiative to educate and enhance the awareness of the general public on the technological and social issues and risks facing internet users.

Scout Ventures

Scout Ventures

Scout Ventures is an early stage venture capital firm that is making the world a better, safer place by cultivating standout frontier technologies.

BrandShelter

BrandShelter

BrandShelter specializes in providing online brand protection for companies and trademark owners.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CornerStone

CornerStone

CornerStone is an award winning, independent risk, cyber and security consulting firm providing a range of Risk Management, Security Design and Implementation Management Services.

GoPro Consultants

GoPro Consultants

GoPro Consultants is an IT Consultancy and IT Managed services provider Globally with immeasurable expertise of IT professionals in Hardware/Support & Consultancy and Project Planning.

Menaya

Menaya

Menaya provide Ethical Hackers for leading companies while also providing cyber security solutions to help major infrastructures protect against cyber crime.

NetApp

NetApp

The NetApp portfolio includes intelligent cloud services, data services, and storage infrastructure that helps organizations manage applications and data everywhere across hybrid cloud environments.