Between enterprise security breaches and international cyber crime, the media often gets so wrapped up in the weeds of an incident that it leaves many wondering: who are the actual people behind these attacks?
More often than not, they are criminal organizations or foreign governments. Yet many times it ends up being a single group of “hacktivists” orchestrating many of these attacks. They are attacking systems, leaking data, and putting pressure on the cyber community in an effort to influence political activity. Hacktivists use a variety of system attacks to gain access to personal computers and steal data. Organizations like Anonymous and LulzSec use their skills to point out flaws in the system, draw attention to a cause, provoke governments, and gain media coverage.
While hacktivism seems popular only now, its roots date back to 1984, with the hacktivism collective “Cult of the Dead Cow,” best known for its anti-censorship efforts. Humanity’s long history of activism moved online just like everything else in our lives.
Today, the news is covering foreign hacktivists in Ukraine who are doing what they can to help their country by using their skills to attack Russian technology systems. One Ukrainian hacktivist reports coming to his computer every morning and spamming Russian websites with traffic, a technique known as a distributed denial-of-service (DDoS) attack. It is the easiest attack to execute, and many other hacktivists are following suit. While this particular hacktivist has no formal affiliation with Ukraine’s cybersecurity division, he does this on his own because he believes in the cause.
Other common attacks include doxxing and defacement. Doxxing refers to the act of stealing data and then publishing it for wider audiences. Defacement is the act of breaking into a website and altering its appearance to spread a new message to visitors.
What can my organization do?
While not all hacktivism is bad, a malicious attack on an innocent organization is not unheard of. There are several steps companies can take to protect their assets so they don’t get caught in the crossfire.
First, every organization needs an incident response plan shared within the security organization. There should be an automated response to incidents that quickly captures an incident and begins locking down systems. After the automated response, have a detailed plan for how to further protect your company and respond to the incident.
Organizations can increase their overall security posture across the board by implementing two-factor or other multi-factor forms of authentication for all employees. This can prevent attacks like credential stuffing.
Regular audits of the monitoring system are also crucial for identifying bugs early on. Consider also purchasing a firewall, safe browsing tools, and other security software as needed.
By taking just these simple steps, an organization can feel more comfortable protecting its assets in uncertain political climates and amid increasing online crime.