Hacktivism evolving: Bad news for organizations everywhere

SeniorTechInfo

Business Security, Critical Infrastructure

The Evolving Threat of Hacktivism: Blurring Lines and Heightened Risks

Hacktivism is evolving – and that could be bad news for organizations everywhere

Hacktivism surged back into mainstream consciousness with Russia’s invasion of Ukraine in February 2022. Less than two years later, politically motivated groups and individuals were out in force again, this time ostensibly to make their point amid the Israel-Hamas conflict. Worryingly, hacktivists have been spotted using increasingly sophisticated and aggressive tactics to bring their agendas to public attention.

Perhaps even more disconcerting is the likelihood that many groups are, in fact, either backed by, or even consist of, nation-state actors. Indeed, the lines between state-sponsored cyber operations and traditional hacktivism have become fuzzy. In a world increasingly characterized by geopolitical instability and an erosion of the old rules-based order, organizations, especially those operating in critical infrastructure, should consider building the hacktivist threat into their risk modelling.

What’s new in hacktivism?

At its most basic, hacktivism is the act of launching cyberattacks for political or social reasons. As an indication of the seriousness with which it is now viewed, the Red Cross last year issued eight rules for “civilian hackers” operating during wartime, all while noting that hacktivists are increasingly causing disruption to non-military targets such as hospitals, pharmacies, and banks.

Predictably, there’s been little sign of hacktivists adhering to the guidelines issued by the Red Cross. Indeed, with attribution still difficult online, the pros of engaging in hacktivist activity still largely outweigh the cons – especially if attacks are secretly backed by nation states.

How organizations can manage hacktivist risks

In many ways, whether the hacktivist threat comes from genuine groups, those aligned with state interests, or covert nation-state operatives themselves, the threat remains the same. Such groups are increasingly targeting private sector organizations with the audacity to speak out on politically sensitive issues. In some cases, they may do so simply because the organization is perceived to be aligned with one side or another, or as a smokescreen for more shadowy nation-state goals.

  • Ask the right questions: Are we a target? What assets are at risk? What is the extent of our attack surface? Are existing measures enough to mitigate hacktivist risk? This is where a thorough cyber-risk assessment of externally facing infrastructure can help.
  • Plug any gaps revealed by such an assessment, including vulnerabilities or misconfigurations – ideally this should be done in a continuous and automated manner.
  • Ensure assets are protected from threats at an email, endpoint, network, and hybrid cloud layer and continuously monitor for threats with XDR/MDR tools.
  • Enhance identity and access management with zero trust architecture and multi-factor authentication (MFA) and keep an eye out for suspicious data access patterns.
  • Use threat intelligence to gather, analyze, and act on information about current and emerging threats.
  • Apply robust encryption, both at rest and in transit, to protect sensitive data from being read or modified by unauthorized parties.
  • Run continuous employee education and awareness training programs.
  • Partner with a trusted third party for DDoS mitigation.
  • Build and test a comprehensive incident response plan.

Hacktivism is nothing new. But the increasingly blurred lines between ideologically/politically motivated groups and government interests make it a more potent threat. It may be time to rethink your risk management planning.
