The tragedy in Brussels shocked the world this week—but the aftershocks of the March 22 terrorist bombings are likely to include follow-on cyber-threats.
These attacks typically involve hackers targeting critical infrastructure in order to cause chaos and physical damage, alongside fear and financial damage.
“We have been able to identify a pattern of behavior of cyber attackers and attack methods surrounding major terrorist events in Western Europe; the latest such pattern was identified after the November 2015 Paris terrorist attacks,” Cytegic noted in an intelligence brief shared with Infosecurity.
That pattern consists of a heightened cyber activity level in the attacked country, which starts directly after the terrorist attack and peaks during the week after, subsiding only two to three weeks later. Usually the attacks include denial-of-service, defacements, email social engineering and malware injections.
They target the usual victims: government, media, banking and finance, critical infrastructure, military and defense; and they’re carried out by the usual suspects (hacktivists, nation-states or nation-backed attackers and cyber-terrorist hackers affiliating themselves with ISIS).
“It is important to mention the recent cyber-attacks on Ukrainian critical infrastructure and transportation targets, including Kiev’s international airport, a local railway company and an energy company, supposedly done by Russian government-backed hackers,” Cytegic said. “Cyber-terrorists are constantly looking to place ‘doomsday buttons’ in critical infrastructure targets, and are more likely to continue doing so as the war against ISIS continues and grows.”
Not all of the attacks are in support of the terrorists—after the Paris attacks, French government forces, Anonymous and its affiliated friends acted against the perpetrators. “The cyber-skirmishes between the sides lasted for three weeks, peaking three and four days after the terrorist attack,” Cytegic said.
And indeed, in this case, part of the follow-on activity is likely to be driven by Anonymous and its anti-ISIS campaign, which usually includes attacks on ISIS-supporting websites and social-media accounts.
“High-profile organizations in Belgium and Western Europe, mainly from the government, media, banking and defense sectors should be on high alert for cyber-attacks in the coming weeks and take preemptive measures to prevent mostly DDoS, social-engineering and malware attacks on their websites, networks and employees,” Cytegic said.