TAP into Technology | Garland Technology Blog

Hacktivism: Should it Really be on Your Radar in 2015?

Written by Chris Bihary | 8/26/15 3:27 PM

Back in 2012, Verizon labeled 2011 as the year of the hacktivist, as 58% of all data stolen was the result of hacktivism attacks. Attention seems to have shifted to cybercrime at the enterprise level, but CISOs must stay alert to hacktivism.

The truth is that hacktivism attacks are growing larger every year and all companies are susceptible.

What are the Numbers Saying?

Cybercrime is often separated from hacktivism in terms of security threats. Studies found that in late 2014, cybercrime accounted for 70.8% of attacks while hacktivism came in at 18.1%. Despite a lower percentage, hacktivism is still a major concern. Hackers have become more powerful, upping their ability to flood enterprise networks from 100Gbps in 2011 to upwards of 400Gbps in 2014.

Although some of the biggest hacktivism collectives are dying, major entities are rising in the interim. In an effort to spread a public message, hacktivist groups like ISIS and the Syrian Electronic Army target governmental figures and departments. However, hacktivists can target any industry or company, and if you think you’re immune, take a look at some of these high profile victims:

  • Sony Pictures: In 2014, suspected North Korean hacktivist group Guardians of Peace (GOP) breached Sony, allegedly because of greedy and criminal business practices.
  • JP Morgan Chase: Bloomberg reports that Russian hackers attacked the financial institution and the FBI has investigated whether or not it was in response to government sanctions imposed on the country.
  • TV5Monde: Hackers claiming allegiance to Islamic State kept the French-language broadcaster off the air for the better part of a day and took control of the station’s website and social media outlets.
  • American Public Broadcasting Station: Back in 2011, hacktivist group LulzSec attacked PBS, stealing scores of user data and posting fake stories to the website. This was believed to be in defense of the WikiLeaks scandal and its supporters.

Hacktivism is considered to be a cyber attack with political or social undertones. Although governmental messages are involved, there is no telling which entity will actually be attacked. The unpredictability of these cause-driven attackers makes it essential for CISOs to be prepared.

The Distributed Denial of Service Nightmare

Hacktivists aren’t just after financial gain or customer data. Publicity is a major goal because of the social message the attackers are trying to convey, and distributed denial of service (DDoS) attacks are the key vehicle hacktivists use to get that message across.

As mobile devices and apps grow increasingly important to businesses of all sizes, hackers are finding ways to exploit endpoint weaknesses. Because of the growing amount of public-facing applications, hackers can steal user credentials, get into the enterprise cloud and steal any amount of corporate data. With hacktivism, the threat goes even deeper.

Once a hacktivist has gained access to user credentials, they can deploy malware into the system through phishing. The malware spreads throughout the network, using bots to steal more login information until the attacker controls a large pool of endpoints to attack from. Controlling so many user accounts allows hacktivists to flood weak targets with massive volumes of packets until the site or system crashes.

DDoS attacks are some of the most dangerous threats in the cybersecurity landscape. With outages costing approximately $40,000 per hour, CISOs can’t afford to fall behind on hacktivist DDoS security.

How to Avoid a Hacktivism Disaster

Studies show that user devices factor into 82% of web app attacks, and 95% of DDoS attacks involve credentials that were stolen from the users themselves. It’s clear that protecting endpoints is an essential start to defending your organization from hacktivists.

Identity and access management is key to hacktivism security. Information Age reports that “if you are not already using multi-factor authentication, then start using this, at least for sensitive applications and those that are public-facing.” Total control of mobile endpoints isn’t 100% feasible, but CISOs must do everything they can to prevent the phishing attacks that may lead to the dangerous DDoS attacks that hacktivists conduct.

One thing that IT can control is network design. It’s not enough to just deploy a firewall and threat detection solutions and hope that they protect you from every attack; you need to be sure that your defenses are set up to work under the heavy load conditions generated by DDoS attacks. That means architecting a solution that includes system redundancy and load balancing of traffic across all appliances. As attacks become more sophisticated and targeted, it is critical that companies eliminate known weaknesses as quickly as possible.

Download How to Determine Your Baseline Traffic, by Tim O'Neill, for a step-by-step guide with typical measurements and screenshots.