Could IS Create A Cyber War?

The power is out. Gas stations are out of gas. Factories are going haywire. It sounds like an action movie, but some analysts say that US and western industries need to significantly ramp up their cyber security or risk having the Islamic State (IS) hack, attack and create mayhem inside their systems.

"This is definitely a threat to the US government and other western governments, but also to our industrial control systems, the ones that run our manufacturing plants, moving energy across the country, that have vulnerabilities," said Bob Gourley, the former chief technology officer of the Defense Intelligence Agency.

Unlike cyberattacks by Russia and China, Gourley said, groups like IS are less interested in just extracting information and more interested in disrupting essential systems.

As yet, he added, IS militants are not as capable as some criminal networks or rival nations, "but IS has more capabilities that any other terrorist organization that I know of. And they can gain more."

So far, IS has established itself as a leader in using Internet-based communications and social media to both send encrypted information and recruit thousands of people from more than 80 countries around the world.
"We are in a new age of this threat," Gourley said, "and the most important thing is we need to defend our systems better than they are currently being defended."

Clifton Triplett, recently named the Office of Personnel Management's senior cyber and information technology adviser, said he is already working to limit any kind of IS breach into the government department. "I think what I have to do is … assume that, at some point in time, they may be successful," Triplett said at a conference organised by Bloomberg Government. "So how do I minimize the impact of their success? Right now, that really comes into access control."

OPM suffered a major hack earlier in 2015, resulting in the disclosure of private information of some 21.5 million people, including those who applied for security clearances.

Anticipating IS
But Al Berman, president and CEO of Disaster Recovery Institute International, which covers IT disasters, said it would be dangerous to assume that IS would stop at communication and marketing.
 
This screen grab from an Islamic State group-affiliated Twitter account, taken Sept. 20, 2014, purports to show a military commander handing a flower to a child while visiting southern Iraq

One path of attack that IS could take, Berman said, would be to siphon money from institutions — perhaps in the US, perhaps in the Middle East — in order to increase their funding as the extremist group's oil and tax money streams start drying up. "Money is incredibly important, and they will find other means if we shut down their traditional means," Berman said. And IS does not have to do the hacking itself, it just needs to buy the information from hacking-obtained information auctions on the dark web.
Berman said IS could start to further refine their "social engineering" or "emotional marketing" techniques, basically by using the Internet in more sophisticated ways to track down and entice potential young recruits.

Vulnerable universities
For that, IS could hack into universities or buy information on the dark web from universities that have already been hacked. According to Privacy Rights Clearinghouse, a California-based nonprofit that focuses on privacy protection, in the last five years hackers have accessed more than 2.5 million records from colleges and universities in the United States alone.

John Matherly, founder of Shodan, a search engine for Internet-connected devices, said exploiting student information would be far more likely than an IS attack on a facility such as a water treatment plant.

"Universities and educational institutions tend to have the worst security by far because they have these giant IP ranges. So students use a public IP address that anyone can see, and everything is exposed," Matherly said.

But hackers such as IS do not have to be sophisticated to be damaging, Matherly said. Unpatched web-servers, unprotected utility software accounts, individuals not keeping up with security updates, and even Instagram accounts could be easily attacked.

Ein News:

 

« Understanding the Threat Intelligence Lifecycle
The Secure Perimeter Cybersecurity Model Is Broken »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Code Decode Labs

Code Decode Labs

Code Decode Labs provides consulting for IT Technology, Cyber Security, Advanced Defense & Policing Technologies, Intelligent Networks, and Information Security.

Cloud Security Alliance (CSA)

Cloud Security Alliance (CSA)

The CSA is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing

Astra Security

Astra Security

Astra's website security solution provides real-time protection against malware, hackers, SQLi, XSS, DDoS, LFI and RFI.

L J Kushner & Associates

L J Kushner & Associates

L.J. Kushner is a leading Information Security recruiting firm.

Innotec Security

Innotec Security

Innotec Security is a Spanish company specializing in cybersecurity-as-a-service, cyber resilience and cyber risk management.

ECOMPLY

ECOMPLY

ECOMPLY is an all-in-one GDPR Compliance Solution. Efficient data protection management system for businesses and DPOsomply.

Aspisec

Aspisec

Aspisec is a cybersecurity company specialized in Firmware Security and Critical Infrastructure Protection.

Altaro Software

Altaro Software

Altaro provide backup solutions that are intuitive, easy to use, well-priced and backed by outstanding 24/7 support as part of the package.

CentricalCyber

CentricalCyber

CentricalCyber is a cyber risk consultancy and NIST CSF specialist set up to help business leaders better understand and manage cyber risk.

Nostra

Nostra

Nostra are a next generation managed services provider with a constant focus on Security and Business Continuity.

Centre for Cyber Security Research and Innovation (CSRI) - Deakin University

Centre for Cyber Security Research and Innovation (CSRI) - Deakin University

CSRI solves the cyber security threats of tomorrow, today. We work with industry and government leaders on innovative research that has real-world impact.

North West Cyber Resilience Centre (NWCRC)

North West Cyber Resilience Centre (NWCRC)

The North West Cyber Resilience Centre is a trusted, not-for-profit venture between Greater Manchester Police and Manchester Digital.

Ampsight

Ampsight

Ampsight specializes in enabling cloud integration, securing data, and navigating complications that drive critical-mission success.

Securitribe

Securitribe

Securitribe provides cybersecurity and compliance solutions, including vCISO services, ISO27001, and ASD Essential 8 advisory, helping businesses and government strengthen security & compliance.

Texas Cyber Solutions

Texas Cyber Solutions

Texas Cyber Solutions are elite cybersecurity advisors based in Houston, Texas providing network security solutions, penetration testing, and more.

DOT Security

DOT Security

DOT Security provides advanced security services for businesses of all sizes.