Cyber Report no. 26 by the International Institute for Counter-Terrorism (ICT) reviewed the prominent uses made of cyberspace by terrorist organizations and their supporters in January, February and March 2018. This is not an exhaustive list but rather an identification of the main trends as they arose from the field, and their analysis is divided into four areas.
1. In the operational domain, jihadist organizations continued to use cyberspace for a variety of needs, the most prominent among them being propaganda for the purposes of recruitment and fundraising campaigns. During this period, there was a marked increase in the number of publications by organizations affiliated with Al-Qaeda circles, along with a decrease in the number of publications inciting “lone wolf” attacks by the Islamic State (IS) compared with the number of publications last year (2017).
2. In the defensive domain, terrorists continued the trend of distributing content in cyberspace on issues of security and encryption, privacy and anonymity, warnings against phishing and the safe use of mobile devices. Two cases stood out: First, an article was published on the home page of Kybernetiq magazine (.onion) warning against Internet surfing in Turkey after software for spying on Web surfers was discovered. Second, jihad-supporting programmers launchedencryption software called “Muslim Crypt” and distributed it on the MuslimTech Telegram channel.
3. In the offensive domain, there was quiet on the part of hackers loyal to the IS and Al-Qaeda. The threat in this area appears to be from hacker groups operating under the direction of countries. The central player during this period was Iran, which used hacker groups to launch a hybrid cyber-attack against oil infrastructure in Saudi Arabia and a cyber campaign against Israeli nuclear scientists, and helped Hezbollah develop its cyber capabilities; North Koreacontinued to carry out cyber-attacks using hackers, seemingly to support the country’s economy.
4. In the arena of international counter measures, the American trend continued of prosecuting cyber-criminals, which began in 2017. The first quarter of the year brought with it a variety of risk assessments, most of which predicted that the future cyber threat will come from North Korea, Iran, and Saudi Arabia, using "proxies" in their attacks. In addition, the establishment of new centers for coping with radicalization and cyber-crime was announced. Cooperation continued to develop between countries for the purposes of information exchanges, exercises, and the strengthening of regional security and stability.