Op-Ed: The evolving threat of hacktivism in a digital world

Hacktivism, the combination of hacking and activism, has emerged as a prominent tactic in cyber warfare and led to widespread disruptions across various sectors.

Ashwin Ram, Cyber Security Evangelist at Check Point Software Technologies
Fri, 29 Nov 2024

Initially viewed as a niche activity, hacktivism has evolved into a sophisticated digital threat, frequently targeting governments, financial institutions, and critical infrastructure. This evolution has reshaped the cyber security landscape, demanding a strategic response from both public and private sectors worldwide.

The rising impact of hacktivism

Hacktivism has moved beyond isolated incidents, becoming a staple in modern digital conflict. The early days of hacktivism focused on ideological expressions, often involving website defacements or distributed denial-of-service (DDoS) attacks aimed at drawing attention to social causes.

However, recent years have seen a marked increase in the scale, coordination, and severity of attacks, pushing hacktivism to new levels of operational sophistication.

Notable campaigns such as #OpAustralia, which allegedly involved over 300 attacks including DDoS, defacement, doxxing, and breach-and-leak attacks, have targeted government websites, financial systems, and even cultural institutions, revealing the substantial impact that well-coordinated hacktivist operations can have on national and regional stability.

The #OpAustralia campaign caused significant disruption. Several regional airports, universities, and some local councils felt the impact of DDoS attacks. Successful attacks were also mounted against the Royal Adelaide Hospital and the Royal Children’s Hospital in Melbourne and the Port of Melbourne.

Examples of attacks

A landmark moment in cyber warfare occurred during the Russia-Georgia conflict, which began in 2008. Russian-backed threat actors, working in coordination with state actors, launched cyber attacks on Georgian government websites, including those of the president, parliament, and Ministry of Foreign Affairs, as part of an early disinformation campaign.

These attacks severely disrupted communication, spreading fear and confusion among the Georgian population. The Russia-Georgia conflict demonstrated that cyber attacks could complement traditional warfare by destabilising key government operations and set a precedent for state-sponsored hacktivism.

Today, hacktivist groups often align themselves with political ideologies and national interests. A manifesto released by the hacktivist group NoName057(16), for example, explicitly condemned what it termed “Russophobia” and pledged to retaliate against any hostile actions directed at Russia.

This rhetoric indicates an ideological shift, as hacktivist groups increasingly adopt nationalistic and defensive stances. The fusion of hacktivism with nationalistic agendas underscores the blurring lines between individual activism and state-backed cyber operations, suggesting that hacktivism is now a key weapon in the global political arsenal.

The Viasat takedown: Hacktivism at a new level

On 24 February 2022, the Viasat KA-SAT modems used for internet connectivity by Ukrainian armed forces were rendered inoperable due to a targeted cyber attack. This action not only disrupted Ukrainian military communications but also affected 5,800 wind turbines in Germany, underscoring the potential for cyber attacks to have cascading effects across borders.

Viasat later confirmed that around 30,000 modems were impacted by malware dubbed “AcidRain”, designed to wipe data from modems and routers. AcidRain joins a growing list of destructive malware types, including WhisperGate, HermeticWiper, and SwiftSlicer, which are deployed to disrupt and disable critical infrastructure.

These types of malware pose immense risks to government and civilian networks, emphasising the urgent need for cyber security measures to quickly identify and neutralise such threats. The sophistication of these malware strains also illustrates the resources that hacktivist groups now have access to – potentially aided by state support – as they launch increasingly destructive attacks on critical infrastructure.

Cyber security misconfigurations create critical vulnerabilities

Despite advancements in cyber security, misconfigurations remain one of the most significant weaknesses in corporate and governmental networks. Hacktivists and threat actors often exploit poor security practices such as misconfigurations, default software settings, poor patch management, and hard-coded credentials.

Meanwhile, distributed denial-of-service (DDoS) attacks have long been a preferred method for hacktivists to disrupt services and draw attention to their causes. These attacks overload servers with requests, rendering websites and applications inaccessible.

With the rise of automated tools and botnets, hacktivists can now launch larger-scale DDoS attacks with greater ease. Web application vulnerabilities, such as weak input validation, provide additional attack vectors. Hacktivist groups often share information about these vulnerabilities on forums and messaging platforms, allowing them to coordinate and amplify their efforts with increased precision.

The role of AI in enhancing cyber defences against hacktivist attacks

Given the rapidly evolving cyber threat landscape, artificial intelligence (AI) is emerging as an indispensable tool for detecting and mitigating cyber attacks. AI-driven security platforms can analyse vast amounts of data to identify threats, share threat intelligence between different security controls, and quickly respond to threats.

By automating the detection and response to cyber attacks, AI-driven security platforms enable organisations to react swiftly, mitigating threats before significant damage occurs.

Inevitably, some businesses in select sectors will find themselves in the crosshairs of hacktivists purely for existing, even if there is little to steal or no financial incentive. Their supply chain, which includes the partners, suppliers, and customers of targeted organisations, can also get caught in the crossfire, leaving nowhere truly safe. Being impacted by a hacktivist-led cyber attack is not necessarily a matter of if, but when. Therefore, having a robust supply chain risk management solution is crucial for organisations to understand and manage risks originating from trusted upstream and downstream business partners.

Some additional essential steps that businesses in both the private and public sectors can take, if not to limit their exposure to attacks then to limit the risk that comes with being swept up in one, are backups and a prevention mindset. Robust data backups, for instance, have the potential to limit the impact of any ransomware attack on a business and make it easier to address the tampering or deletion of data by hacktivists.

Customised cyber awareness training tailored for specific teams has been shown to reduce the likelihood of falling victim to phishing attacks. However, adopting zero-phishing technology, which can detect zero-day phishing attempts – so called because they exploit unknown threats that vendors have “zero days” to fix – should be a top priority for every organisation.

A new era of cyber security challenges

Hacktivism, once regarded as a fringe activity, now plays a central role in digital warfare. The increasing complexity and destructiveness of hacktivist attacks demand a renewed focus on cyber security.

To guard against DDoS attacks driven by hacktivism, organisations must implement a multi-layered defence strategy. A key step is to deploy cloud-based anti-DDoS solutions that can automatically detect and mitigate abnormal traffic patterns while leveraging the scalability and the power of the cloud. Cloud-based DDoS protection services are particularly effective as they can absorb large volumes of traffic, preventing the attack from overwhelming an organisation’s internet-facing infrastructure. Additionally, content delivery networks (CDNs) can distribute traffic across multiple servers, reducing the risk of a single point of failure.

As cyber threats become more intertwined with political agendas, the importance of proactive defence measures and international cooperation cannot be overstated. By acknowledging the evolving nature of hacktivism and investing in advanced cyber security solutions, the global community can better safeguard against the ever-present threats posed by this new era of digital activism.
