In today’s politically charged climate in the United States and around the world, political activists increasingly are putting down their protest signs and going online to carry out cyber attacks in the name of their causes.
The combination of hacking and activism is nothing new; the first such attacks date back to the 1980s and the term “hacktivism” — the merging of hacking and activism — was coined in 1996. The activity continued to grow in 2016, most notably with allegations of online meddling during the U.S. election, and shows no sign of slowing down in 2017.
Groups such as Anonymous and WikiLeaks have garnered international attention for releasing confidential emails and other sensitive data stolen by hacktivists who broke into government and business networks. In some cases, hacktivists have unleashed damaging DDoS attacks to shut down a company’s network, held sensitive customer data for ransom and carried out other types of campaigns against online targets.
For companies and organizations, hacktivism represents a real security risk that must be accounted for as part of a comprehensive cybersecurity strategy. A hacktivist can strike at any time, with or without warning, but there are some steps that can be taken to help prevent hacktivist attacks from happening or to mitigate damage in the event one does occur.
Are you a Hacktivist Target?
When it comes to hacktivism, it seems no industry is safe from this type of targeted attacks. From healthcare to retail, financial services and entertainment, hacktivists may target your secure systems in an attempt to gain visibility for their causes, causing damage to your brand’s reputation and credibility and resulting in millions of dollars paid to settle consumer claims.
Anonymous and WikiLeaks are the most well-known hacktivist organizations in the world and are responsible for many of the high profile attacks in recent years. These hacktivist groups have engaged in protests involving releasing information, such as private emails and confidential bank records, into the public domain. Other hacktivists have shut down companies with distributed denial of service attacks (DDOS) or defaced websites, all in the name of their causes.
Who’s Talking About You?
In addition to ensuring that basic cybersecurity safeguards and processes are in place, a company’s security team may need to enhance proactive monitoring of what is being said about the company online. Having a social media listening or other monitoring strategy in place to help keep tabs on what is being said on blogs and in social networks about your brand or company can help identify whether you may be the next target of a politically motivated hacktivist attack.
In some cases, a company or organization may even opt to infiltrate online groups in an effort to be aware of risks and to disrupt activities. By posing as a member of a hacktivist community, the person can advise on specific threats against the brand as well as monitor discussions of hacktivist attacks against other organizations. This strategy of course carries with it the possibility of the planted undercover agent being exposed, which could lead to a public relations disaster of its own.
Watch for Internal Attacks
In some cases, a hacktivist attack can come from within the organization. Current or former employees or vendors may choose to participate in cyber protests utilizing their work computers or leveraging their access to and knowledge of your sensitive data and security posture.
Even if your employees don’t carry out a hacktivist attack on their own, they can install software on your network to permit an attack or otherwise leave the door open for other cyber criminals to enter your secure environment and do damage.
Monitoring internal computer activity, such as misuse of security credentials or violations of company policies regarding accessing sensitive data, can help identify and stop internal hacktivism before it happens.
How to Guard Against Hacktivism
- Proficio offers advanced threat intelligence services to monitor and detect online activities, which can signal a hacktivist attack is in the works. Our cybersecurity analysts use sophisticated software to comb through the dark web, including social media sites such as Pastebin, for leaked credentials and other sensitive data hackers use to carry out hacktivist attacks.
- Conduct penetration testing as part of a vulnerability assessment to identify potential weaknesses in your network before hacktivists can.
- If you have already been targeted by a hacktivist attack, time is of the essence to prevent further damage to your secure network. Emergency response services can help isolate the threat, respond quickly and appropriately to prevent its spread and repair any damage already done.