ISIS Is Tooling Up For Cyber Jihad

Uploaded on 2016-08-10 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Utilities

Islamic terrorists are arming themselves with the technical tools and expertise to attack the online systems underpinning Western companies and critical infrastructure, according to a new study from the Institute for Critical Infrastructure Technology.

The goal of the report was to bring awareness to "a hyper-evolving threat" said James Scott, ICIT co-founder and senior fellow.

Dark web marketplaces and forums make malware and tech expertise widely available and, with plenty of hackers for hire and malware for sale, technical skills are no longer required. A large-scale attack could be just around the corner, said Scott.

"These guys have the money to go on hacker-for-hire forums and just start hiring hackers," he said.

US authorities are well-aware of the rising threat posed by Islamic terrorists armed with advanced cyber-tools. In April, Defense Secretary Ashton Carter declared a cyberwar against the Islamic State group, or ISIS. 

Ransomware chatter rose to prominence on dark web jihadi forums around the fall of 2015 and continues to be a topic of debate, particularly among members of ISIS and Boko Haram.

"I had the same position that I have right now with this in December of last year with regards to ransomware hitting the health-care sector," said Scott. "We were seeing the same exact thing."

Much of the chatter on jihadi chat boards comes from Europeans and Americans, often social outcasts living vicariously through the online reputation of their handle, including disenfranchised teens or jailhouse Muslim converts turned radicals, Scott said. They may not have strong coding skills, but they have access to Western institutions and businesses and are looking to leverage that access to serve ISIS.

An example of the sort of conversation that takes place on Islamic dark web forums involved a cleaner in Berlin who worked the overnight shift and wanted to know how they could help, said Scott. Others chimed in, explaining how the janitor could load malware onto a USB device and plug it into a computer to allow them to remotely hack into the network.

"That is the kind of insider threat that we are going to be facing," said Scott. "That is what they are seeing as the next step, an army of insider threats in the West."

Though not known for being particularly sophisticated in their use of technology, beyond the use of encrypted messaging services and creating malicious apps, Islamic terrorists are now aggressively seeking ways to bridge gaps in their knowledge, said Scott. This may come in the form of hiring hackers, recruiting tech-savvy teens and educating new recruits.

"They are rapidly compensating for that slower part of their evolution," said Scott. For example, ISIS operates what can best be described as a 24-hour cyber help desk, staffed by tech-savvy recruits around the globe. There are always about six operatives available to address questions, for example, about how to send encrypted messages, and strategize about how to leverage local access into cyberattacks. They also share tutorials, cybersecurity manuals and YouTube links, and try to recruit other techies, said Scott.

"It is obvious that cyber jihadists use dark web forums for everything, from discussing useful exploits and attack vectors, to gaining anonymity tips and learning the basics of hacking from the ISIS cyber help desk," he said. "Setting up properly layered attacks is incredibly easy even if one has a modest budget. 

All one needs is a target and a reason."

CNBC:

 

« Defensive Measures: Estonia Will Store Citizens’ Data In The UK
Banks Look Up To The Cloud »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Vanguard Integrity Professionals

Vanguard Integrity Professionals

Vanguard Integrity Professionals is an independent provider of enterprise security software solutions that address complex security and regulatory compliance challenges.

Assured Information Security (AIS)

Assured Information Security (AIS)

AIS is committed to providing our customers with critical information security products, services, and training. We support diverse needs throughout business and industry.

GuidePoint Security

GuidePoint Security

GuidePoint Security provide information security solutions that enable commercial and federal organizations to more successfully achieve their security and business goals.

Auxilium Cyber Security

Auxilium Cyber Security

Auxilium Cyber Security is independent information security consultancy company providing cyber security services tailored to meet the evolving needs of organizations worldwide.

UNIDIR Cyber Policy Portal

UNIDIR Cyber Policy Portal

The UNIDIR Cyber Policy Portal is an online reference tool that maps the cybersecurity and cybersecurity-related policy landscape.

CyCognito

CyCognito

CyCognito empowers companies to take full control over their attack surface by uncovering and eliminating the critical security risks they didn't even know existed.

Assure IT

Assure IT

Assure IT is a Singapore company specialising in technology governance, risk and compliance.

National Cybersecurity Consortium (NCC) - Canada

National Cybersecurity Consortium (NCC) - Canada

The NCC’s mandate is to keep Canada’s cyber and critical infrastructures and citizens safe while ensuring Canada’s global competitiveness and leadership in cybersecurity.

GajShield

GajShield

GajShield Infotech provides Data Security Firewall solutions to Corporate’s and Government agencies.

Devolutions

Devolutions

Devolutions make best-in-class Privileged Access Management, Password Management, and Remote Connection Management solutions available to ALL organizations — including SMBs.

Tech Seven Partners

Tech Seven Partners

At TechSeven Partners, we provide a full suite of cyber security solutions for your business including network monitoring, onsite and cloud backup solutions, HIPAA or PCI compliance.

TetherView

TetherView

TetherView provides leading virtual desktop and email security technology to help businesses stand up and manage digital workspaces.

Cythera

Cythera

Cythera is an Australian cyber security company with in-house cyber security professionals providing world-class cyber protection to medium to large companies all over Australia.

Economit

Economit

Economit are a leading IT Information & Cyber Security and Data Protection consultancy.

Deep Algorithms Solutions

Deep Algorithms Solutions

Deep Algorithms Solutions is a pioneering behavioral cybersecurity and AI startup combating sophisticated cyber fraud.

Expleo

Expleo

Expleo is a global engineering, technology and consulting service provider that partners with leading organisations to guide them through their business transformation.