While the threat that emanates from ISIS-inspired cyber-attacks is of high concern, especially in light of the formation of a new United Cyber Caliphate composed of previously disparate pro-ISIS hacking collectives, these hacking groups still operate unofficially, remain poorly organised and are likely underfunded.
This is according to Flashpoint, a leader in Deep & Dark Web data and intelligence, which has released a new report analysing the cyber capabilities of the Islamic State (ISIS), titled “Hacking for ISIS: The Emergent Cyber Threat Landscape”.
“Given prior attacks that compromised the CENTCOM and Newsweek Twitter accounts, new concerns regarding ISIS’s cyber capabilities have clearly emerged,” says Laith Alkhouri, director of research & analysis for the Middle East and North Africa and a co-founder at Flashpoint. “Until recently, our analysis of the group’s overall capabilities indicated that they were neither advanced nor did they demonstrate sophisticated targeting.
“With the latest unification of multiple pro-ISIS cyber groups under one umbrella, there now appears to be a higher interest and willingness amongst ISIS supporters in coordinating and elevating cyber-attacks against governments and companies.”
For the vast majority of its existence, the pro-ISIS hacking landscape was composed of at least five distinct groups that launched campaigns in support of the terror group. Evidence indicated that these collectives overlapped or coordinated with one another in certain campaigns, pooling their resources and manpower. This confluence culminated in the 4 April 2016, announcement of a new group called the “United Cyber Caliphate,” following the formal merger of several groups.
These efforts suggest a growing pro-ISIS community of hackers that is expected to expand further, especially if the collective’s online operations become successful. Even limited success could inflate their notoriety and enable them to continue to grow their capabilities and attract talent.
Aside from exploring the new United Cyber Caliphate collective, “Hacking for ISIS: The Emergent Cyber Threat Landscape” takes an in-depth look at the birth and evolution of ISIS’s cyber capabilities by first exploring the most prominent actors on an individual basis, followed by a look at the latest developments.
Researchers noted that, thus far, pro-ISIS hackers appear to have launched attacks primarily on government, banking, and media targets. These targets appear to be not only the focus of attacks but also what generate the most publicity for the groups behind them. However, these attacks remain relatively novice-level and are mostly attacks of opportunity.
Such attacks include finding and exploiting vulnerabilities in web sites owned by, for example, small businesses, and defacing or DDoSing their websites. Flashpoint analysts expect that as these actors mature, they will continue targeting financial institutions.
Additionally, researchers studied a number of other factors to support their analysis including:
* Cyber Caliphate and Islamic State hacking division: An overview of these groups’ targets, accomplishments and ability to obtain sensitive data, along with a review of past attacks where these groups have been successful in launching cyber threat incidents.
* Call for cyber recruits: While ISIS has not explicitly attempted to recruit sophisticated hackers, Deep & Dark Web forums can be used as a training ground, allowing ISIS followers with low-level technical and hacking abilities to hone their skills. Deep & Dark Web forums include sections containing both beginner and advanced hacking courses, hacking tools and manuals, as well as ways to communicate with others for support and guidance.
* Techniques and tactics: While it is difficult to assess what techniques, tactics, and procedures (TTPs) ISIS’s supporters employ, based on the types of cyber-attacks the various pro-ISIS hacking groups have claimed responsibility for, Flashpoint analysts believe pro-ISIS hackers depend on coordinated campaigns, social media, use of malware, and specific technical tools.
* Hacking tools versus malware: Pro-ISIS cyber actors are likely to download hacking tools from publicly available sources while also utilizing both off-the-shelf and custom malware.