Cyber Caliphate's Scorecard

Uploaded on 2017-07-17 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

Researchers say Islamic State's United Cyber Caliphate remains in its infancy when it comes to cyber-attack expertise.

Hackers operating within the Islamic State's United Cyber Caliphate may be well-versed and conversant in encrypted communications tools such as Telegram and WhatsApp, but they're still novices when it comes to their actual cyber-attack expertise.

While the online propaganda machines and presence of some of the world's most prominent terrorist groups appear technologically advanced and organised, their underlying cyber-attack tools and techniques are still rudimentary and limited, security researchers say. 

As such, they're not likely to disrupt a power plant with a cyber-attack any time soon like a nation-state could do, yet there is always a concern of their eventual partnering with more advanced and resourced attack groups to wreak physical or other damage via cyber-attacks.

Kyle Wilhoit, senior security researcher with DomainTools, has been studying the cyber capabilities of several terrorist groups. He found that the United Cyber Caliphate, the cyber arm of ISIS that has been in operation for nearly three years, employs techniques similar to those of a so-called script kiddie or fledgling hacker.
"Their relative overall technical expertise is low," he says.

The cyber terrorist group's denial-of-service attack MO is akin to a crowd-sourced attack not unlike Anonymous employed in its heyday, for instance. "Their denial-of-service attacks are being executed through Windows applications on multiple hosts, but not infected" bots or a botnet infrastructure, he says. In other words, they're mostly using their own, or supporters', machines to pummel websites with SYN or other flood attacks, for example

To cover its tracks, the terror group also employs domain-registration proxies for their online activity, he says, to help hide their real identities. 
"They are also leveraging what cybercriminals use," he says, test-driving malware development toolsets. "Just recently, with this research … I found them dabbling in the creation of malware."
Wilhoit spotted the Cyber Caliphate using the known underground crime toolkit Ancalog Exploit Builder to generate fake HTML pages to a command and control server. "That piece of malware looked like it was in the development phase. It wasn't weaponised," he says.
The terrorist group is most advanced when it comes to communicating among its members, he says. The members use the encrypted messaging platforms Telegram and WhatsApp to discuss and share information about hacking tools or targets they're going after, he says.
"Looking at their toolsets, I found that ultimately as it stands right now they don't have advanced enough technological capability to cause a major problem" or widespread damage, he says. "But that's not to say in the future" they couldn't become a bigger threat, he says.

Ken Wolf, senior analyst for cyber terror research at Flashpoint, concurs that the cyber terror groups are not skilled or sophisticated in their DoS attacks. His team also has spotted ISIS supporters in one top-tier ISIS forum employing a downloadable DoS tool they dubbed "Caliphate Cannon."
"It was written by a forum member" who appears to be an entry-level coder, he says. Members of the forum downloaded the tool and ran it from their machines in crowdsource-style, HTTP-flood DoS attacks against mainly Middle East government targets in January, for example.
"We've seen other cases where actors have been aggregating … open-source tools" for those attacks, he says. "But there's nothing that we've seen that's suggesting they are using those to inspire their own tool development," Wolf says.
"The greatest value that these actors provide is in their propaganda value," he says.

Ground Battle
It's unclear how the intensified ground battles in Raqqa, Syria and Mosul, Iraq, have affected the Islamic State's cyber powers. Wolf says his team of researchers hasn't seen any Telegram communications out of the United Cyber Caliphate (UCC) since late April, nor any real cyber activity. He says that could indicate manpower losses or other disruptions to their operations as a result of the ground battles.
"We've seen over the past year a few instances in which the United Cyber Caliphate or other groups aligned with it have announced members of their teams were killed in Syria. Most recently, in March, a UCC leader was killed in an airstrike in Syria," Wolf says. "But there's a lot of uncertainty who these actors are, or where they might be," whether on the ground fighting or elsewhere, he says.
Wilhoit says defending against cyber terror groups like the United Cyber Caliphate now doesn't require any different denial-of-service defenses than state-of-the-art firewalls and other best practices. "If you follow basic security precautions, most of these [attacks] can be blocked. They are not using infected botnets to perform denial-of-service attacks," and they are relatively small attacks, he says.
"I'm somewhat surprised that they are not further along than this," Wilhoit says of UCC's cyber-attack capabilities. 

Dark Reading:

You Might Also Read:

Islamic State On The Internet:

Islamic State's Social Media Strategy:

US And UK Agree To Take On Islamic State In Cyberspace:

« US Marines Embrace Cyber Warfare
Terrorist Activities On Social Media »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

eScan AV

eScan AV

eScan develops Information Security solutions that provide protection against current and evolving cyber threats.

Axial

Axial

Axial Systems is one of the UK’s leading solution providers and systems integrators in network, security and services.

Siscon

Siscon

Siscon delivers tailor-made compliance solutions that are based on the customer's specific wishes and reality and then supplement with many years of experience in the field.

Lynxspring

Lynxspring

Lynxspring provides edge-to-enterprise solutions and IoT technology for intelligent buildings, energy management, equipment control and specialty machine-to-machine applications.

Scientific Cyber Security Association (SCSA)

Scientific Cyber Security Association (SCSA)

The main goal of Scientific Cyber Security Association is the development of scientific and practical directions of cyber security.

Altipeak Security

Altipeak Security

Altipeak Security provide Safewalk - a flexible and robust authentication platform through which we offer improved security to SMBs, corporates, banks, insurance companies, healthcare and more.

PeopleSec

PeopleSec

PeopleSec specializes in the human element of cybersecurity with a comprehensive set of services designed to maximize your security by educating your workforce as a whole.

MetaCert

MetaCert

MetaCert’s Zero Trust browser software reduces the risk of organizations being compromised with a phishing-led cyberattack by more than 98%.

Datrix

Datrix

Datrix is a leading Smart Infrastructure and Cyber Security solutions provider. We deliver critical networking, communications and cyber security solutions to public and private sector organisations.

Presidio Identity

Presidio Identity

Presidio Identity offers a digital-native approach that brings security, privacy, and simplicity to user authentication and digital interactions.

ClearHub

ClearHub

The aim of ClearHub is simple: to give businesses like yours access to the best talent, all screened and technically tested by Clearvision’s expert team.

Visory

Visory

Great businesses depend on great technology. We make sure our clients go to market with enterprise-level technology and world-class security for their data and infrastructure.

Silence Laboratories

Silence Laboratories

Silence Laboratories is a cybersecurity company that focuses on the fusion of cryptography, sensing, and design to support a seamless authentication experience.

Flow Security

Flow Security

Enterprises run on data, Flow secures it at runtime. With a runtime-first approach, Flow is a game-changer in the data security space, securing data itself, beyond the infrastructure it resides in.

SecuLore

SecuLore

An innovator in public-safety-focused cybersecurity, SecuLore is dedicated to protecting critical infrastructure from cyber attacks.

Gibbs Consulting

Gibbs Consulting

Gibbs Consulting provides innovative, flexible, on-demand IT Services and IT Consulting that delivers value and successful outcomes for our clients.