A report from Flashpoint, released this morning, offers an overview of the pro-Daesh hacking groups that currently exist and the methods they use. Anyone who has followed the space in recent months won't be surprised by the findings – in short, they are underfunded, fragmented, and operate unofficially.
Five different pro-Daesh (al-dowla al-islaamiyya fii-il-i'raaq wa-ash-shaam, a.k.a. ISIS/ISIL) groups get the most attention when the topic of ISIS and hacking enters the conversation.
In the past, they've coordinated on a few campaigns, pooling talent and resources, but largely acted on their own. Earlier this month, that all changed when they announced the formation of a "United Cyber Caliphate."
So is this unified group something to fear? Not really, but don't dismiss them out of hand either.
"This willingness to adapt and evolve in order to be more effective and garner more support indicates that while these actors are still unsophisticated, their ability to learn, pivot, and reorganize represents a growing threat," the report explains.
"Regarding this coordination, however, it is important to note that because the pro-ISIS hacking effort is still an unofficial endeavor, neither acknowledged nor claimed by ISIS itself, it is still poorly organized (and likely under-resourced)..."
When these groups attack something, they focus on media, government, or banking – usually the target is one that will generate publicity. But the attacks themselves are novice-level, things that are easily prevented or avoided if proper security controls are in place.
The report is a high-level overview to be sure, but there's enough in it to get a basic understanding of pro-Daesh groups and how they act.
One interesting observation can be found in the TTP section of the report. For the most part, if the groups need a tool, they focus on open source projects and existing frameworks, which means if your organization can deal with these known entities, you're already a step ahead of any terror-supporting adversary.
When it comes to malware, while these groups will favor custom designs over off-the-shelf ones, the malware itself is rather basic - usually a RAT. But while custom offerings provide a stronger level of protection against AV detection, most groups tend to use the off-the-shelf designs, suggesting funding issues in most cases.
Earlier this week, a story in the New York Times suggested that the US would start taking a more direct role in combating pro-Daesh hackers online, using many of the same attacks and tactics these groups use to target the government and public sectors.
If that's true, then these fragmented and underfunded groups are going to be up against an adversary that no one likes to face – someone with resources (technical and financial) and all the time needed to use them.
A copy of the Flashpoint report is available online.