ISIS continues to use the Internet for information operations, posting video threats against (at least) France, Italy, and the United States. Other nations, especially in Europe, move to elevated levels of alert as gunmen take over a hundred hostages at a hotel in Bamako, Mali (Mali is a staging area for French operations against Islamist insurgencies in Africa).
A suicide bomber's dumped cell phone — unencrypted and unsecured — apparently led French police to the Paris massacre's ringleader. Telegram, the messaging app allegedly favored by ISIS, blocks ISIS-associated accounts. Cryptographers continue to give Telegram's encryption poor reviews, further calling into question the degree to which ISIS effectively screened its planning and coordination behind encryption.
Nonetheless, the crypto policy wars continue to boil, with tech industry groups maintaining their opposition to government suggestions that encryption should be weakened.
Observers think they see signs that ISIS may be adopting al Qaeda's model of centrally directed attacks. If this is so, then a study of intelligence failures against al Qaeda may offer lessons as more governments agree to cooperate against the self-proclaimed Caliphate. One possible lesson: freelance hacktivist disruption of ISIS communications may prove counterproductive, reducing signals otherwise usefully collected and analyzed.
More familiar botnets and exploit kits return in enhanced (or at least evolved) forms. One new threat actor surfaces: Microsoft is calling the group "Strontium," and describes its operations against NATO and national governments. There's no attribution yet, but Strontium's targets and methods suggest a nation-state as opposed to criminals and hacktivists.