30 March 2016

IS said to aim cyber ‘second strike’ against terror targets


March 27, 2016

Terrorists who strike European countries often follow attacks with mass hacking, according to Israeli cyber-security firm 

People gather to observe a minute of silence in memory of the victims of the Brussels airport and metro bombings, on the Place de la Bourse in central Brussels, on March 23, 2016, a day after the triple blasts killed some 30 people and left around 250 injured. 

Terror attacks are often followed, in an extra strike of cruelty, by major cyber-attacks on the targeted country, according to data gathered by Israeli cyber-security firm Cytegic.

Such second strike attacks then provoke a response by anti-terror cyber-activists, with the result that a country could find its networks paralyzed for days because of the huge strain, just when communication is especially vital.

Cytegic researchers have been observing this pattern for months, and the best example to date is the activity in the wake of the terror attacks in Paris last November – activity that has repeated itself in the days since the Brussels attack last week.

According to this pattern, cyber-attacks peak about four days after the actual terror attack, and the attacks encompass major sectors of the economy, especially government, media, and the financial sector.

The attacks have a clear political character, based on the messages left behind on defaced websites and the email messages sent out as part of the phishing attacks by hackers. Those messages include links to articles and stories connected to the terror attack, and when users click on them, they download malware that corrupts their computers and the networks they connect to.

Based on the intelligence they have gathered, Cytegic experts have connected these cyber-operations to the Islamic State terror group and other Islamist groups that have taken responsibility for terror attacks.

“The most used attack methods are denial-of-service, defacements, email social engineering and malware injections,” said the Cytegic report. “The most targeted industries in the attacked country are government, media, banking and finance, critical infrastructure, military and defense.”

Meanwhile, cyber-defenders in a targeted country – such as self-declared members of hacker group Anonymous – fight back, striking back at servers and websites affiliated with IS and other Islamist terror groups.

“After the Paris attacks, the cyber-war included two sides – French government forces, Anonymous and its affiliates on one side, and pro-ISIS hacktivists and sensationalists on the other,” said Cytegic, using an alternate acronym for Islamic State.

Less than a week after the Brussels attacks, “we have already been able to see political activists starting to ‘rally the troops’ and organize for an anti-ISIS campaign. This usually includes attacks on ISIS supporting websites and social-media accounts – mostly denial-of-service attacks, defacements, website redirections and taking down Twitter accounts,” the same tactics used by IS, the report said.

But the medicine could be just as damaging as the disease; as pro- and anti-terror groups fight it out, they use up network resources. That causes the targeted country’s Internet traffic to falter, giving the terrorists a second victory with their ability to slow down business, government, and daily life revolving around the Internet.


Graph shows the primary targets of Islamist hackers in France after the November 2015 terror attacks (Courtesy)

Cytegic figured all this out using its big data analysis system, which can quickly analyze Internet trends: who is threatening whom, which kinds of attacks are in vogue, what’s in the news that would prompt a cyber-attack, and much more, according to CEO Shay Zandani.

“For example, we determine how much a term, like ‘nuclear Iran,’ is being used on the Internet and the ‘undernet,’ where hackers hang out, and if our client has something to do with nuclear power, criticism of Iran, or some other related matter, we would send them an alert that they need to be on guard against an attack. Our Dynamic Trend Analysis (DyTA) system collects data from over 1,000 sources and checks 20,000 terms and concepts, analyzing them and determining what the threat level is for relevant clients.”

IS did not invent the idea of trying to bring down a country’s Internet after a terror attack or other act of aggression, said the Cytegic report. That honor apparently belongs to Russia.

“It is important to mention the recent cyber-attacks on Ukrainian critical infrastructure and transportation targets, including Kiev’s international airport, a local railway company and an energy company, supposedly done by Russian government-backed hackers,” the report said.

Those attacks occurred in January, and were traced back to a server in Russia, according to Ukrainian investigators who believe that they were part of Russia’s ongoing attacks against Ukraine in light of the latter’s opposition to Russia’s entry into Crimea in 2014 and the subsequent economic sanctions by the West against Russia.

Expect more attempts by terror groups to disable the economy of a targeted country.

“Cyber terrorists are constantly looking to place ‘doomsday buttons,’ in critical infrastructure targets, and are more likely to continue doing so as the war against ISIS continues and grows.”

In any event, said Cytegic, “high-profile organizations in Belgium and Western Europe, mainly in the government, media, banking and defense sectors, should be on high alert for cyber-attacks in the coming weeks and take preemptive measures to prevent mostly DDOS, social-engineering and malware attacks on their websites, networks and employees.”
