Solitaire Interglobal Ltd’s Global Security Watch has been tracking the impact of security incursions on businesses worldwide for close to 21 years. During that time there has been a large shift in the behavior of cyber attacks and the evolution of cyber threats. One notable pattern is what is currently called “hacktivism.” This type of cybercrime is perpetrated against individuals or organizations out of the attacker’s desire to make a social or political statement. The most prevalent attacks of this type seen over the last two years are those that disrupt the ability of an organization to do business, although there are many other forms of hindrance.
This change in attacks has seen ripple effects throughout the market. Where social protest could at one time be marked by picket lines and protest marches, these days the difficulty in getting multiple people to physically be in the same place at the same time has been offset by organized groups or talented individuals launching retaliatory or preemptive attacks on the cyber operations and assets of organizations.
The tracking of hacktivism is hampered because the link between an incursion and its motivation is frequently unknown at the time of the attack. Only some time after the assault will a group claim responsibility or make a statement to highlight their protest or concern. With most security organizations focusing on immediate threat response and architected protection, the association and analysis of attack classification have not been well supported.
SIL retains and analyzes data on an ongoing basis. SIL patterns the behavior of both sides in this ongoing warfare as part of the need to understand their development and evolution. One way is to build and refine classifications that allow the determination of attack motivation.
The pattern of social attacks is changing. Whether it is because of the high degree of frustration in the worldwide community between individuals and organizations, or in response to the significant changes in political systems that have occurred over the last six months in some of the very largest countries, social activists have extended strongly into the world of hacktivism.
The following chart shows the rise in this type of incursion over the last four years. The significant increase in the percentage of attacks is alarming, especially when considering the steep climb in the number of attacks themselves. As of the morning of April 11, 2017, the identified growth of activism from the same time period of last year is over 2.89 times what it was in 2016. That number represents 3.71% of the total 19.3 billion attacks reported to SIL during this calendar year.
In an additional area of concern, that number does not include those attacks that are suspected of falling into the hacktivism category. Such incursion motivations are usually determined over a period of 3 to 12 months, although a definite finding on some attacks is never obtained.
SIL identifies incursions as attributable only when they are more than 95% verified. In many cases, no absolute verification is possible.
The rise in social protest criminal activity has a significant impact on businesses. In the majority of these attacks, the motivation is tied to the policies, procedures, and positions of the organization. However, the protection of business assets is an ongoing struggle for any group that conducts its operations in an interconnected, cyber highway world. Strategies and protections against socially motivated incursions call for a different type of approach than do incursions that are motivated by other criminal objectives.
Ignoring hacktivist activity can be an extremely costly blind spot for any security department. Although attacks by nation-states, criminal organizations, or individual attackers comprise a large majority of battles in cyber warfare, the damage that can be done to an organization by a socially motivated hacker can be just as costly, and just as debilitating. A belief that anyone objecting on a social level is less dangerous, less educated, or less motivated is a trap that can materially affect any organization.
Is your organization protected from social activism? Do you have strategies and procedures to handle the aftermath of a successful hacktivism event?
If the answer is no to either of those questions, your cyber security needs an update.