ISIS Is Tooling Up For Cyber Jihad

Uploaded on 2016-08-10 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Utilities

Islamic terrorists are arming themselves with the technical tools and expertise to attack the online systems underpinning Western companies and critical infrastructure, according to a new study from the Institute for Critical Infrastructure Technology.

The goal of the report was to bring awareness to "a hyper-evolving threat" said James Scott, ICIT co-founder and senior fellow.

Dark web marketplaces and forums make malware and tech expertise widely available and, with plenty of hackers for hire and malware for sale, technical skills are no longer required. A large-scale attack could be just around the corner, said Scott.

"These guys have the money to go on hacker-for-hire forums and just start hiring hackers," he said.

US authorities are well-aware of the rising threat posed by Islamic terrorists armed with advanced cyber-tools. In April, Defense Secretary Ashton Carter declared a cyberwar against the Islamic State group, or ISIS. 

Ransomware chatter rose to prominence on dark web jihadi forums around the fall of 2015 and continues to be a topic of debate, particularly among members of ISIS and Boko Haram.

"I had the same position that I have right now with this in December of last year with regards to ransomware hitting the health-care sector," said Scott. "We were seeing the same exact thing."

Much of the chatter on jihadi chat boards comes from Europeans and Americans, often social outcasts living vicariously through the online reputation of their handle, including disenfranchised teens or jailhouse Muslim converts turned radicals, Scott said. They may not have strong coding skills, but they have access to Western institutions and businesses and are looking to leverage that access to serve ISIS.

An example of the sort of conversation that takes place on Islamic dark web forums involved a cleaner in Berlin who worked the overnight shift and wanted to know how they could help, said Scott. Others chimed in, explaining how the janitor could load malware onto a USB device and plug it into a computer to allow them to remotely hack into the network.

"That is the kind of insider threat that we are going to be facing," said Scott. "That is what they are seeing as the next step, an army of insider threats in the West."

Though not known for being particularly sophisticated in their use of technology, beyond the use of encrypted messaging services and creating malicious apps, Islamic terrorists are now aggressively seeking ways to bridge gaps in their knowledge, said Scott. This may come in the form of hiring hackers, recruiting tech-savvy teens and educating new recruits.

"They are rapidly compensating for that slower part of their evolution," said Scott. For example, ISIS operates what can best be described as a 24-hour cyber help desk, staffed by tech-savvy recruits around the globe. There are always about six operatives available to address questions, for example, about how to send encrypted messages, and strategize about how to leverage local access into cyberattacks. They also share tutorials, cybersecurity manuals and YouTube links, and try to recruit other techies, said Scott.

"It is obvious that cyber jihadists use dark web forums for everything, from discussing useful exploits and attack vectors, to gaining anonymity tips and learning the basics of hacking from the ISIS cyber help desk," he said. "Setting up properly layered attacks is incredibly easy even if one has a modest budget. 

All one needs is a target and a reason."

CNBC:

 

« Defensive Measures: Estonia Will Store Citizens’ Data In The UK
Banks Look Up To The Cloud »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Micro Focus

Micro Focus

Micro Focus is one of the world’s largest enterprise software providers. We deliver trusted and proven mission-critical software that keeps the digital world running.

IMS Networks

IMS Networks

IMS Networks specializes in the design and management of high criticality networks and telecoms services including network security and Managed Security Services.

Military Cyber Professionals Association (MCPA)

Military Cyber Professionals Association (MCPA)

MCPA are a team of Soldiers, Sailors, Airmen, Marines, Veterans and others interested in the development of the American military cyber profession.

Athena Dynamics

Athena Dynamics

Athena Dynamics focuses on Cyber Security, especially in Critical Information Infra-structure Protection and Enterprise IT Operation Management products and Services.

Silensec

Silensec

Silensec is a management consulting, technology services and training company specialized in information security.

Real Random

Real Random

Real Random is on a mission to enhance existing and new crypto-systems with its revolutionary solution to generating numbers that are Truly Random.

Reed

Reed

reed.co.uk is a leading job site in the UK, providing a full online service for anyone looking for a new job.

Delfigo Security

Delfigo Security

Delfigo Security, a pioneer in intelligent authentication, provides a strong, multi-factor authentication solution to prevent identity theft and reduce fraud.

Kasm Technologies

Kasm Technologies

Kasm Browser Isolation - Protect your organization from malware, ransomware and phishing by using zero-trust containerized browsers.

L3Harris Technologies

L3Harris Technologies

L3Harris Technologies is a global aerospace and defense technology innovator, delivering solutions to meet mission-critical needs across air, land, sea, space and cyber domains.

Securolytics

Securolytics

Securolytics offers the simplest, most complete and affordable IoT security for all organizations. Securolytics quickly identifies unmanaged devices to reduce security and compliance risks.

TopSOC Information Security

TopSOC Information Security

TopSOC Information Security provide a wide range of security consultation, implementation and training services.

443ID

443ID

443ID brings OSINT data to Identity Security professionals on any digital platform.

DruvStar

DruvStar

DruvStar provides B2B cybersecurity around threat management to strengthen businesses across attack vectors.

Smarsh

Smarsh

Smarsh products are designed for user-friendly, efficient compliance. From archiving, supervision, and discovery to cybersecurity – Smarsh has you covered.

Worksent Technologies

Worksent Technologies

Worksent is a Trusted white-label offshore support partner for MSPs and MSSPs.