
Just because it’s not happening in your country doesn’t mean your company is safe.
The weekend of June 24th, 2022, in the U.S., turned chaotic as the Supreme Court invalidated Roe v. Wade. Angered by the anti-abortion laws that took immediate effect in Arkansas and Kentucky, a ransomware group named SiegedSec launched a hacktivist attack. The group froze the Arkansas and Kentucky state government servers and leaked (according to the group’s claim) internal documents.
In pursuit of social causes, or in opposition to views contrary to their own, hacktivists conduct digital protests by launching cyberattacks against their opponents. This act is termed hacktivism.
To define hacktivism:
Hacktivism is a means of communicating an agenda or vision to the world. It is a method preferred by experienced cyber security professionals for voicing their opposition to perceived injustice.
Despite the hacktivists’ intentions to advance social causes, this approach is not entirely legal, since they access these systems without authorisation. Hence, hacktivism is a form of digital crime, but because it is non-lethal, it is considered a harmless form of cyberwar on the grounds that no lives are lost.
What triggers hacktivism?
Hacktivists need visibility for the causes they support. More than financial gain, it is this one fact that motivates them. After careful analysis of a handful of hacktivist events, the Security Quotient Cyber Security research team identified the following triggers:
- When a law is enacted, annulled or modified
- An ongoing war
- To support a country, group or entity and to highlight its suffering to the world.
Here are some examples to support our inference.
Russia-Ukraine Cyberwar
The Russia-Ukraine cyber war led to a spike in hacktivism in 2022. Many pro-Russian and pro-Ukrainian factions launched cyberattacks against each other, disrupting government and banking services, stealing data, and even initiating DDoS attacks against websites supporting Ukraine, including those in the U.S., Estonia, Germany, Poland, and the Czech Republic. High-ranking officials were targeted as well: the President of the Romanian Senate, Marcel Ciolacu, was targeted by hacktivists because he promised to assist Ukraine.
OpsBedil campaign
Palestinian hacktivist group OpsBedilreloaded launched cyber attacks against Israeli citizens and organizations in retaliation. The hacktivists scanned for vulnerable servers and launched DDoS attacks. Further, apart from breaching data, they targeted Israeli citizens using phishing emails.
Mysterious Team Bangladesh (MTB) hacktivist attack on Indian websites
Enraged by a statement made by a politician from India, MTB hacktivists launched DDoS attacks on websites hosted by the Indian government and the State Government.
What are the common types of hacktivist attacks?
According to our analysis of hacktivist attack patterns in 2022, DDoS was the most prevalent type of attack, followed by defacement, phishing and ransomware.
Distributed Denial of Service (DDoS) attack
Hacktivists employ DDoS attacks on targeted sites to cause downtime. The rival’s server is swamped with continuous requests from multiple sources, flooding their system with excessive internet traffic. Hacktivists even try to exaggerate the amount of data compromised or the impact caused by a DDoS attack to create panic among the general public and gain attention.
Defacement
Defacement means gaining unauthorised access to a website and modifying its content. Defacing sites is a tactic used by hackers to embarrass the opposition. Several Ukrainian websites were defaced following the Russian wiper malware attack on Ukrainian government websites.
Ransomware
Ransomware is a form of malware that prevents users from accessing their systems by encrypting their files and demands a ransom to regain access. By deploying a new ransomware called ‘Somnia’, a Russian hacktivist group, ‘From Russia with Love’, impacted several organisations in Ukraine. Their goal was not to demand a ransom but to disrupt network services.
Why should cyber security managers be worried about hacktivism?
You may wonder why you should be concerned about hacktivism since it only involves conflicts between governments.
Wrong!
Remember the adage: the more successful you are, the more visible you are. And the more visible you are, the more targeted you are. In this context, ask yourself a few questions:
1. How big is my company (or brand)?
Imagine Microsoft, Sony, or Hyundai. If your brand is big, then the chances of you being caught in the crosshairs of hacktivism are very high.
2. Is my company (or brand) associated with a targeted nation?
Is your brand proudly associated with a country? Imagine BMW in Germany or Boeing in the U.S. If your country is directly or indirectly involved with a target state, the chances of a hacktivist attack are very high.
3. Is my company using technology (software, machines etc.) provided by a targeted country?
Is your business dependent on a particular software or technology provided by a nation constantly targeted by hacktivists?
4. Is my company doing business in or with an affected nation?
Is your business gaining monetary or other benefits by doing business with a targeted nation?
How to prepare for hacktivism?
Remember, you are fighting a highly motivated group of people convinced of their beliefs. This is more of a political issue than a cyber security one. Nevertheless, all the controls that are part of a sound cyber security system apply when countering hacktivism. If we were to highlight a few, they are:
- End-user cyber security awareness
- Close monitoring of global events and preparation
- Updating your cyber incident and response plan
- A well-tested business continuity and emergency response plan
- An appropriate PR and communication plan in the event of an attack
Conclusion
Hacktivism is a method for exposing government actions to public criticism. Hacktivist attacks could take the form of phishing scams arising from an environment of unrest, such as the Russia-Ukraine cyber war. They could also take the form of ransomware, malware, or DDoS. Even though hacktivism differs from cyberterrorism, companies must be cautious. Any company could be caught in the crosshairs of hacktivists. What saves you from this is having a robust cybersecurity management system in place and a deep understanding of hacktivists’ motives.