Pro-ISIS Hacking Groups Form United Cyber Caliphate


As ISIS-inspired cyber-attacks continue to be of high concern, the United Cyber Caliphate has now formed, composed of previously disparate pro-ISIS hacking collectives.

According to a Flashpoint analysis [PDF], for the vast majority of its existence, the pro-ISIS hacking landscape was composed of at least five distinct groups that launched campaigns in support of the terror group. Evidence indicated that these collectives overlapped or coordinated with one another in certain campaigns, pooling their resources and manpower. This confluence culminated in the 4 April announcement of the new group.

This unification of multiple pro-ISIS cyber groups under one umbrella shows a higher interest and willingness amongst ISIS supporters in coordinating and elevating cyber-attacks against governments and companies. It’s a big departure from the previous norm, the firm noted, even though these hacking groups still operate unofficially, remain poorly organized and are likely underfunded.

“Given prior attacks that compromised the CENTCOM and Newsweek Twitter accounts, new concerns regarding ISIS’s cyber-capabilities have clearly emerged,” said Laith Alkhouri, director of research and analysis for the Middle East and North Africa and a co-founder at Flashpoint. “Until recently, our analysis of the group's overall capabilities indicated that they were neither advanced nor did they demonstrate sophisticated targeting.”

In contrast, these latest efforts suggest a growing pro-ISIS community of hackers that is expected to expand further, especially if the collective’s online operations become successful. Even limited success could inflate their notoriety and enable them to continue to grow their capabilities and attract talent.

Researchers also noted that thus far, pro-ISIS hackers appear to have launched attacks primarily on government, banking and media targets. These targets appear to be not only the focus of attacks but also what generates the most publicity for the groups behind them.

“However, these attacks remain relatively novice-level and are mostly attacks of opportunity,” Flashpoint explained. “Such attacks include finding and exploiting vulnerabilities in websites owned by, for example, small businesses, and defacing or DDoSing their websites. Flashpoint analysts expect that as these actors mature, they will continue targeting financial institutions.”

While it is difficult to assess what techniques, tactics, and procedures (TTPs) ISIS's supporters employ, based on the types of cyber-attacks the various pro-ISIS hacking groups have claimed responsibility for, Flashpoint analysts believe pro-ISIS hackers depend on coordinated campaigns, social media, use of malware and specific technical tools. On this latter point, pro-ISIS cyber actors are likely to download hacking tools from publicly available sources while also utilizing both off-the-shelf and custom malware.

And finally, while the report found that ISIS has not explicitly attempted to recruit sophisticated hackers, it noted that Dark Web forums can be used as a training ground, allowing ISIS followers with low-level technical and hacking abilities to hone their skills. These forums include sections containing both beginner and advanced hacking courses, hacking tools and manuals, as well as ways to communicate with others for support and guidance.

Photo © Creativa Images
