The main trends identified in the first quarter of 2017 were analyzed on five axes: operational uses; defensive tactics; offensive tactics; cyber-crime and cyber-terrorism; and international defense policy.
1. On the operational axis, there was a significant trend in the use of the Internet for propaganda purposes. The Islamic State (IS) publishes and distributes its purported military achievements on the Internet using infographics, most likely in light its loss of territory, the death of its leaders, a drastic loss in its income and a decrease in its number of recruits. During this period, the organization used drones to carry out terrorist attacks and distributed videos of the attacks that were filmed by the drones as a propaganda material. A new campaign that was launched online called, “#Demolishing_Fences”, encouraged cyber-attacks against private networks and the execution of “lone wolf” attacks. In terms of financing, the transfer of bitcoin was identified among terrorist operatives for the first time; fundraising campaigns continued to be distributed on social media in order to finance terrorist activities.
2. On the defensive axis, terrorists displayed a pattern of relying on the open Internet for recruitment and then moving to encryption and the darknet for criminal activities because they believe the latter to be beneficial in terms of privacy protection. Thus came the call that the law enforcement system must have access to encrypted channels in order to be able to protect the loyal public. Meanwhile, guidebooks continued to be distributed that contain specific instructions on how to protect oneself against harmful or fraudulent content.
3. On the offensive axis, a considerable number of groups expressed the desire to develop their cyber capabilities. The “Gaza Cybergang” hacker group stood out for its execution of a two-stage cyber-attack, in the framework of a campaign to gather intelligence from governments in the Middle East, which demonstrated high level capability and sophistication. In addition, changes took place in the organizational structure of the UCC hacker group, which recruits other hacker groups to its ranks and distributes mass hit lists.
4. On the cyber-crime axis, ransomware continued to be a central tool of cyber-attacks in light of the inability of law enforcement systems to find the hacker groups responsible for the attacks.
5. On the axis of counter-measures taken to protect against cyber-crime, three significant developments took place during this quarter. First, the Tallinn 2.0 guidebook was released, which deals with the applicability of international law in cyberspace. Second, The US and Britain banned electronic devices larger than an iPhone from being brought on board planes due to fear that the IS will try to bring explosives concealed in laptop computers. Third, a new tool (3DCoP) will soon be launched that is capable of protecting organizations from DDoS attacks; this technological tool relies on teamwork and cooperation between organizations, similar to other conventional collective security concepts. In the background, the international trend of developing national cyber capabilities continued.
See Full Report