The main trends identified during the month of April 2017 were analyzed on five axes: operational uses; defensive tactics; offensive tactics; cyber-crime and cyber-terrorism; and counter-measures to protect against cyber-crime.
1. On the operational axis, there was a significant trend in the use of the Internet for propaganda purposes and the continued pattern of reliance on open networks for recruitment followed by a move to encrypted channels for suspicious activities; the Islamic State (IS) continued to publish and distribute its purported military achievements on the Internet using infographics to compensate for its losses in the real world; digital banners containing incitement for the execution of “lone wolf” attacks were frequently distributed to inspire young Muslims in the West using design based on popular video games; there was also "gender" propaganda aimed at influencing a female target audience, and accordingly the contents dealt mainly with modesty and the education of children, using pink color for design; a female charity was expected of being in contact with activists and supporters of terrorism, but the issue has not yet been clarified.
2. On the defensive axis, terrorists have shown concern over spying by security forces as well as civilian elements. In order to protect themselves in terms of security, technological means were employed to maintain anonymity, mask a location or for purposes of fabrication, and security updates were disseminated to repair breaches. In addition to the practice of publishing recommendations and guidebooks, there were groups whose stated goal was “to educate” the Muslim community on safe Internet use. In the civilian arena, "spies" who infiltrated terror-supporting groups were exposed and their identities distributed as a warning.
3. The offensive axis was analyzed in the form of active hackers such as the Popular Front for the Liberation of Palestine, the United Cyber Caliphate (UCC) and the Caliphate Cyber Terrorism Army (CCTA). Most of the attacks were based on hacking user profiles on social media and defacing the home pages of private Web sites, and it appears that the targets were chosen due to the ease with which they could be hacked from the outset.
4. On the cyber-crime axis, new malware was reviewed. A malware named FalseGuide, which attacks Android devices, infected approximately two million users for Adware purposes. The trend of Botnet use on mobile devices improves its level of sophistication and distribution. Other identified malware were spyware tools. In this context, there was an attempted cyber-attack in Israel aimed at breaching the defense infrastructure system that was carried out by the OilRig hacker group, which is associated with Iranian intelligence agencies.
5. On the axis of counter-measures taken to protect against cyber-crime, the "holistic" view required for effective counterterrorism was discussed and only integration between fronts was found to be effective. Thus, legislation was emphasized as well as the development of technological means, such as an algorithm that identifies and removes violent expressions, the establishment of cyber units, the identification and recruitment of candidates to the cyber system, and the holding of joint exercises to strengthen resistance.