ISIS Is Tooling Up For Cyber Jihad

Uploaded on 2016-08-10 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Utilities

Islamic terrorists are arming themselves with the technical tools and expertise to attack the online systems underpinning Western companies and critical infrastructure, according to a new study from the Institute for Critical Infrastructure Technology.

The goal of the report was to bring awareness to "a hyper-evolving threat" said James Scott, ICIT co-founder and senior fellow.

Dark web marketplaces and forums make malware and tech expertise widely available and, with plenty of hackers for hire and malware for sale, technical skills are no longer required. A large-scale attack could be just around the corner, said Scott.

"These guys have the money to go on hacker-for-hire forums and just start hiring hackers," he said.

US authorities are well-aware of the rising threat posed by Islamic terrorists armed with advanced cyber-tools. In April, Defense Secretary Ashton Carter declared a cyberwar against the Islamic State group, or ISIS. 

Ransomware chatter rose to prominence on dark web jihadi forums around the fall of 2015 and continues to be a topic of debate, particularly among members of ISIS and Boko Haram.

"I had the same position that I have right now with this in December of last year with regards to ransomware hitting the health-care sector," said Scott. "We were seeing the same exact thing."

Much of the chatter on jihadi chat boards comes from Europeans and Americans, often social outcasts living vicariously through the online reputation of their handle, including disenfranchised teens or jailhouse Muslim converts turned radicals, Scott said. They may not have strong coding skills, but they have access to Western institutions and businesses and are looking to leverage that access to serve ISIS.

An example of the sort of conversation that takes place on Islamic dark web forums involved a cleaner in Berlin who worked the overnight shift and wanted to know how they could help, said Scott. Others chimed in, explaining how the janitor could load malware onto a USB device and plug it into a computer to allow them to remotely hack into the network.

"That is the kind of insider threat that we are going to be facing," said Scott. "That is what they are seeing as the next step, an army of insider threats in the West."

Though not known for being particularly sophisticated in their use of technology, beyond the use of encrypted messaging services and creating malicious apps, Islamic terrorists are now aggressively seeking ways to bridge gaps in their knowledge, said Scott. This may come in the form of hiring hackers, recruiting tech-savvy teens and educating new recruits.

"They are rapidly compensating for that slower part of their evolution," said Scott. For example, ISIS operates what can best be described as a 24-hour cyber help desk, staffed by tech-savvy recruits around the globe. There are always about six operatives available to address questions, for example, about how to send encrypted messages, and strategize about how to leverage local access into cyberattacks. They also share tutorials, cybersecurity manuals and YouTube links, and try to recruit other techies, said Scott.

"It is obvious that cyber jihadists use dark web forums for everything, from discussing useful exploits and attack vectors, to gaining anonymity tips and learning the basics of hacking from the ISIS cyber help desk," he said. "Setting up properly layered attacks is incredibly easy even if one has a modest budget. 

All one needs is a target and a reason."

CNBC:

 

« Defensive Measures: Estonia Will Store Citizens’ Data In The UK
Banks Look Up To The Cloud »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

F5 Networks

F5 Networks

F5 products ensure that network applications are always secure and perform the way they should—anywhere, any time, and on any device.

itWatch

itWatch

itWatch is focused on data loss prevention (DLP), endpoint security, mobile security, encryption, and cost reducing solutions for IT operations.

Aspisec

Aspisec

Aspisec is a cybersecurity company specialized in Firmware Security and Critical Infrastructure Protection.

IoT Security Institute (IoTSI)

IoT Security Institute (IoTSI)

IoT Security Institute is an academic and industry body dedicated to providing frameworks and supporting educational services to assist in managing security within an Internet of Things eco-system.

Extreme Protocol Solutions (EPS)

Extreme Protocol Solutions (EPS)

Extreme Protocol Solutions is an industry leading Data Sanitization Software, Hardware and Onsite Service Provider.

Accelerator Frankfurt

Accelerator Frankfurt

Accelerator Frankfurt is an independent go-to-market program focused on Fintech, Cybersecurity and Digital B2B startups.

Port53 Technologies

Port53 Technologies

Port53 Technologies is focused on delivering enterprise-grade, cloud-delivered security solutions that are easy to deploy, simple to manage and extremely effective.

QGroup

QGroup

QGroup has been re-designing the consultancy industry since 2012. We're a rapidly expanding group of consulting companies that deliver bespoke IT services including cybersecurity.

FPG Technologies & Solutions

FPG Technologies & Solutions

FPG Technology is a technology solutions provider and systems integrator, specializing in delivering IT Consulting, IT Security, Cloud, Mobility, Infrastructure solutions and services.

HashDit

HashDit

HashDit products and services focus on helping build a safe ecosystem for both protocol users and smart contract developers on BNB Chain.

Yarix

Yarix

Yarix is the leading company in Var Group’s Digital Security division and one of the most recognised, innovative and authoritative Italian companies in the IT security sector.

TrustMe

TrustMe

TrustMe’s integrated platform for business trust and resilience keeps organizations safe, secure, and trustworthy.

NeuroID

NeuroID

NeuroID combines the power of industry-leading behavioral analytics with advanced device and network intelligence to create your first line of defense against malicious bots, bad actors, and fraud.

ABPCyber

ABPCyber

ABPCyber offers holistic cybersecurity solutions spanning DevSecOps, advisory and consultancy, designing and integration, managed operations, and cybersecurity investment optimization.

Nuke From Orbit

Nuke From Orbit

Nuke's mission is to put you back in control of your digital identity when your smartphone gets stolen.

Quantum Knight

Quantum Knight

Quantum Knight is the most performant commercial-grade embeddable cryptography. Lock down any resource from any location or device. Take control of your data now.