If you’ve been anywhere near the internet since the early 2000’s you’ll know who Anonymous are. But the truth is that’s just the tip of the iceberg – hacktivists are an incredibly large collective, and one could argue an enormous influence.
There are tons of groups – to name a few: Ghost Squad, DCLeaks, Decocidio, Milw0rm and of course Anonymous.
But what is a hacktivist, and how do we define one? A good way to think about it is to look back at all the other threat actors we’ve discussed – there’s something in common with all of them – they want either information or money. For hacktivists, hacking isn’t about any of that – it’s morals. Hacktivists are hackers that use their skills to influence policy and bring change.
Interesting bit of trivia actually – the term “hacktivist” was originally coined in 1994 by a hacker group known as “Cult of the Dead Cow”.
So why would a hacktivist target your business? After all you’re not some big bad multinational corporation hell bent on enslaving all of humanity.
Well here’s where it gets tricky – hacktivists have targeted companies in the past that just so happen to have an organisation they’re targeting as a client. That’s right – if you just so happen to refill the paper in an organizations printers and they’re caught doing less than savoury things, it’s possible your business may be marked as a target for hacktivists.
And this has actually happened before – a law firm that was involved in a high-profile case back in 2006 had their emails hacked and publicly released, breaching attorney-client privilege – not just for that one case but lots of others the firm was working on at the time.
It gets worse too – unlike the other threat actors we’ve discussed, hacktivists can vary greatly in attack complexity. At the bottom end just like script kiddies, there are distributed denial of service attacks and premade tools, all the way up to tactics like APTs, exploiting zero days to achieve network persistence.
So really what does this boil down to? Well because these attacks can vary so widely, we’re afraid there isn’t one, one size fits all solution.
Of course, we can make recommendations, like establishing a robust security strategy and calling in incident response if you suspect an attack is taking place.
At Skye technologies we’ve got a wealth of knowledge in helping customers implement their response plans and are well positioned to offer advice on your systems to help boost their security –making them more resistant to attacks. Get in touch today.