How one ransomware campaign was actually a front for a terrorist kill list

Morrison Foerster's John Carlin, a former Department of Justice employee, spoke with TechRepublic about the concept of blended threats, and what businesses can learn from them.

What companies need to know about blended threats and their impact on IT

When John Carlin was working for the US government, he encountered what seemed like a normal, small-time cybersecurity attack. But it turned out to be so much more.

In what appeared to be an unsophisticated attack, a hacker stole a small amount of information from a US company--including names and addresses--and demanded $500 in Bitcoin for its return. Because of these details, Carlin said that many employees thought it was just a crook looking for cash, but a little investigation turned up something more sinister.

SEE: Information security incident reporting policy (Tech Pro Research)

As it turns out, the actor wasn't a small time crook, but an extremist from Kosovo who had hacked into the US company, and was using the information he extracted to work with a notorious ISIS leader to make a kill list. The pair was sending the names and addresses to followers through Twitter, essentially ordering them to kill these people and telling them where to find them.

This is what Carlin refers to as the "blended threat." Cyber crooks are working with terrorists and nation states to build multifaceted attacks, and business leaders need to understand this trend and use it to inform their risk strategy. Because most of these attacks seem small, they often don't register as serious threats, but they are.

Another major threat that is changing the way business leaders need to think about security is the Internet of Things (IoT), Carlin said. In the rush to connect all of our devices, many leaders didn't take into account what bad guys could do with the new information that has been made available.

Moving forward, Carlin said enterprises need to focus on security by design--it's simply not feasible for organizations to try to figure it out after the fact. Drones, medical equipment, and cars are just some of the devices that will continue to become connected, and they need better security so the enterprise can innovate more safely, Carlin said.

Also see