Explore the evolving landscape of hacktivism, its impact on cybersecurity, and how businesses can mitigate risks.
Hacktivism, universally defined as the malicious utilization of digital tools, such as hacking, to incite civil disobedience or advance a sociopolitical agenda, has undergone significant transformations in recent times. In its mildest form, it resembles “digital vandalism,” causing frustration and inconvenience to organizations, but in its extreme manifestations, it can result in the exposure of sensitive information, data interceptions, the hijacking of corporate assets, and the systematic erosion of an organization’s reputation. In short, the consequences can be devastating.
In recent years, hacktivism has increasingly mirrored real-world conflicts, as exemplified in the Russo-Ukraine conflict and the war between Hamas and Israel. While the impact of cyberattacks and hacktivism might be less conspicuous during intense combat, incidents have risen as the boundaries between the digital and physical worlds blur.
Common targets for hacktivist groups are government agencies, often due to opposing ideologies and the ability to effect change, as well as multinational corporations perceived as having a negative societal or environmental impact. Presently, the name “Anonymous” is nearly synonymous with hacktivism, as this group is responsible for numerous non-violent digital protests, typically in the form of distributed denial of service (DDoS) attacks, aimed at conveying their version of truth and justice to the world.
Nonetheless, the threat that hacktivism poses to businesses and government entities runs deeper than Anonymous’s activities. According to Check Point’s 2023 Mid-Year Cyber Security Report, the average number of weekly cyberattacks globally has risen by 8%, the most significant increase in two years. This increase is primarily driven by artificial intelligence, the growing threat of organized ransomware groups, and hacktivism.
Notably, state-affiliated hacktivism has emerged, where hacktivist groups select targets based on geopolitical motives, sometimes with government backing. For instance, the Russian-affiliated “Killnet” group targeted Western healthcare organizations in early 2023 with DDoS attacks in response to Western support for Ukraine. Another example is “Anonymous Sudan,” which appeared in January 2023 and has targeted organizations like Scandinavian Airlines while promoting a pro-Islamic narrative. This group claims to be conducting a counter-offensive operation, choosing Western targets in retaliation for alleged anti-Muslim activities. Their recent target, Microsoft, experienced significant disruptions to its Outlook email service and Azure hosting platform.
The Changing Face of Hacktivism:
Hacktivism is evolving from individual or small group endeavors into coordinated, often state-sponsored, organizations with ideological motivations. The democratization of technology, such as Generative AI, has facilitated the proliferation of hacktivist activities. While Generative AI simplifies the generation of malicious code, it’s important to note that threat actors are mainly looking to exploit well-known vectors. AI enhances the sophistication of lookalike domains and phishing attacks, making fraudulent domains and fake emails more challenging to identify.
AI also aids in orchestrating sharper, faster DDoS attacks. A DDoS attack overwhelms a server or website with artificial traffic requests, rendering it nonfunctional. In the current year, we witnessed a record-breaking DDoS attack, peaking at 71 million requests per second, hinting at the increasing scale of such attacks.
Limiting Exposure to Hacktivism:
Hacktivist attacks are inherently ideological, making exposure inevitable for some businesses, particularly those in the public sector. While it may be challenging to prevent attacks entirely, organizations can take steps to mitigate their risks. Robust data backups can limit the impact of ransomware attacks, while cyber awareness training and zero-phishing technology can mitigate the effectiveness of lookalike domains and phishing tactics.
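As an added illustration of the lookalike-domain mitigation mentioned above (not code from the article or from any vendor product), the following sketch flags sender or link domains that imitate a protected brand through character substitution or small typos. The protected domain `example-bank.com`, the sample domains, and the small confusables map are constructed assumptions; production tooling would use the full Unicode confusables data.

```python
import unicodedata

# Constructed assumptions: protected brand list and a small confusables map.
PROTECTED = ["example-bank.com"]
SINGLE = {"0": "o", "1": "l", "3": "e", "5": "s",
          "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, e, o
          "\u0440": "p", "\u0441": "c"}                  # Cyrillic r (p), s (c)
MULTI = {"rn": "m", "vv": "w"}

def normalize(domain):
    """Lowercase, drop the trailing dot, decode punycode labels, apply NFKC."""
    d = domain.strip().lower().rstrip(".")
    try:
        d = d.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or not decodable: keep as typed
    return unicodedata.normalize("NFKC", d)

def skeleton(domain):
    """Fold visually confusable characters to one canonical form."""
    s = "".join(SINGLE.get(ch, ch) for ch in normalize(domain))
    for seq, repl in MULTI.items():
        s = s.replace(seq, repl)
    return s

def edit_distance(a, b):
    """Levenshtein distance using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, max_typos=2):
    """Return 'legitimate', 'homoglyph', 'typo' or 'unrelated'."""
    d, skel = normalize(domain), skeleton(domain)
    for brand in PROTECTED:
        if d == brand:
            return "legitimate"
        if skel == skeleton(brand):
            return "homoglyph"
        if edit_distance(skel, skeleton(brand)) <= max_typos:
            return "typo"
    return "unrelated"

if __name__ == "__main__":
    for s in ["example-bank.com", "examp1e-bank.com", "ex\u0430mple-bank.com",
              "exarnple-bank.com", "exmaple-bank.com", "unrelated-shop.org"]:
        print(f"{s!r:32} {classify(s)}")
```

A mail gateway or proxy log pipeline could run such a check on newly seen domains and route `homoglyph` and `typo` results to quarantine or analyst review.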
The Future of Hacktivism:
The future of hacktivism is expected to be multifaceted, involving both state-affiliated operations and grassroots movements. State-affiliated hacktivism is a well-established threat, likely to become more sophisticated due to external funding. Hacktivist groups may form alliances, irrespective of their core ideologies, resulting in more coordinated and impactful attack campaigns. These groups are also using ransomware campaigns as a revenue stream to fund other activities, masking their hidden agendas behind politically motivated attacks.
Grassroots hacktivism, driven by social, environmental, or regional political causes, will continue to play a significant role. As global issues like climate change and human rights gain more attention, decentralized hacktivist movements can rally the global online community around their causes.
Technology, particularly deepfakes, is becoming a regular tool in the hacktivist arsenal, used for impersonation and propaganda. As we move into 2024 and beyond, the lines between state-sponsored cyber operations and traditional hacktivism will continue to blur. Organizations worldwide will need to be prepared for a diverse range of cyber threats, each with its own motivations and tactics.