Remember when pro-Daesh/ISIL/ISIS hacking groups banded together to form a unified force? They're still, er, hooking up, according to a recent study.
However, while they still operate unofficially, they remain poorly organised and are likely underfunded, according to threat intel outfit Flashpoint. The study, entitled Hacking for ISIS: The Emergent Cyber Threat Landscape, concludes that the group is likely to mount cyber attacks against governments and companies beyond the hijacking of social media accounts of media and US military organisations on Twitter that first made them infamous last year.
“Given prior attacks that compromised the CENTCOM and Newsweek Twitter accounts, new concerns regarding ISIS’s cyber capabilities have clearly emerged,” explained Laith Alkhouri, director of research & analysis for the Middle East and North Africa and a co-founder at Flashpoint. “Until recently, our analysis of the group's overall capabilities indicated that they were neither advanced nor did they demonstrate sophisticated targeting.
“With the latest unification of multiple pro-ISIS cyber groups under one umbrella, there now appears to be a higher interest and willingness amongst ISIS supporters in coordinating and elevating cyber attacks against governments and companies,” Alkhouri said.
Until recently the pro-ISIS hacking landscape was composed of at least five distinct groups that launched campaigns in support of the terrorist organisation. Evidence indicated that these collectives overlapped or coordinated with one another in certain campaigns, pooling their resources and manpower. This co-operation culminated in the April 4, 2016, announcement of a new group called the “United Cyber Caliphate”, which came about following the formal merger of several groups.
Flashpoint paints a picture of a “growing pro-ISIS community of hackers” that is hoping for success to draw in fresh recruits and strengthen its capabilities. “Even limited success could inflate their notoriety and enable them to continue to grow their capabilities and attract talent,” Flashpoint warns.
Flashpoint’s study is based on an analysis of pro-ISIS hacker collectives, techniques and tactics, targeting methodology and hacking tools.
The firm’s experts in deep and dark web data and intelligence teamed up to complete the study, which noted that thus far, pro-ISIS hackers have launched attacks primarily on government, banking and media targets. These targets have the most potential to generate publicity from successful attacks. Flashpoint dissed these attacks as comparatively “novice-level” and opportunistic.
Jihad-orientated hacktivists’ typical tactics to date have extended to finding and exploiting vulnerabilities in websites owned by, for example, small businesses, and defacing or DDoSing their websites. Financial institutions are likely to become a target of the newly unified group as it matures, Flashpoint warns.
Pro-ISIS cyber actors are likely to download hacking tools from publicly available sources while also utilising both off-the-shelf and custom malware.
Bad news for corporate security teams then, but a long way from the dire warnings of UK Chancellor George Osborne last November that cyber-jihadists are trying to take down critical infrastructure – Osborne had hinted that power stations, air traffic control systems and more would be targeted.
While ISIS has not explicitly attempted to recruit sophisticated hackers, deep and dark web forums can be used as a training ground, allowing ISIS followers with low-level technical and hacking abilities to hone their skills. These forums include sections containing both beginner and advanced hacking courses, hacking tools and manuals, as well as ways to communicate with others for support and guidance. ®