Hacktivism on the Decline

Cybercriminal acts of political activism, also known as “hacktivism,” typically consist of shutting down, or defacing, the website of an organization that is in opposition to a socio-political agenda. Other forms of hacktivism include the release of sensitive data, or takeover of key accounts. There is a thin line, and sometimes no line at all, between cybercriminals and hacktivists. Hacktivists may be a loose network of volunteers, or a highly-organized group of cyber criminals. They may act on their own accord, or they may be sponsored by a nation state. Their target may be a government entity, political party, industry organization or corporation. There have been many hacktivist groups, and probably the most famous of them all is Anonymous.

A recent Recorded Future report offers some good insights into the history of hacktivism, as well as its current state, in the United States and globally. The 26-page report states that hacktivism has declined in the past couple of years, partly due to improved cyber defense postures adopted by organizations, and partly because hacktivist organizations often rely on unskilled volunteers who rely on simple and outdated tools and techniques. The report notes that:

“Attack vectors used by hacktivist groups have remained largely consistent from 2010 to 2019, and tooling has assisted actors to conduct larger-scale attacks. However, company defenses have also become significantly better in the last decade, which has likely contributed to the decline in successful hacktivist operations.”

The decline of hacktivism is good news, but one should not rest easy and assume that this will result in a reduced risk of being the victim of a cyberattack. Bad actors across the Internet are now more focused than ever on generating cash, rather than just making their voices heard. And, although it is true that cybersecurity defenses have improved, the proliferation of IoT devices, over recent years, with their weak security architectures and default passwords, has made it easier for cybercriminals to harness those devices into malevolent botnets that can be used for a variety of money-making activities, including the threat of damaging distributed denial of service (DDOS) attacks. The pending rollout of 5G wireless communications will only add more firepower to this malicious capability and serve to fuel the continued proliferation of DDoS-for-hire sites, which make it easy and affordable, for anyone with a motive, to launch an attack.

It’s worth noting that the decline in hacktivism mirrors a similar decline in the massive DDoS attacks that were making headlines back in 2016 and 2017. Two years ago there were some extremely large DDoS attacks against high profile targets (i.e., DNS provider Dyn, security researcher Brian Krebs, and web hoster OVH) that garnered news headlines. However, there has been no corresponding decline in the number of DDoS attacks since then. In fact, quite the contrary. The trend is for today’s DDoS attacks to be smaller, in an attempt to evade detection and even bypass some DDoS defense systems. However, these lower-volume attacks can be just as damaging, because they can degrade network, web-site and application performance and even distract security staff from other malicious intrusions. Corero’s research shows that sub-saturating DDoS attacks have become more frequent and more sophisticated, with multi-vector attacks on the rise. The number of DDoS attacks continues to increase significantly, despite the decrease in those which make the headlines. In fact, it is entirely possible that hacktivists are still highly active, but now launching smaller targeted DDoS attacks instead, which don’t make headline news because many DDoS defenses don’t detect them.

It seems unlikely that hacktivism has gone away completely – like fashion, its time will almost certainly come again. DDoS attacks have been a popular, and easy, tool for hacktivists to get their point across, and they will almost certainly be again in the future. Therefore, organizations, corporations and government agencies that could be targeted by groups with socio-political agendas, or by nation-state hackers, should remain vigilant and make sure that DDoS mitigation technology is a key part of their security defenses.

For over a decade, Corero has been providing state-of-the-art, highly-effective, automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. To learn more, please contact us.

Sean Newman is VP Product Management, responsible for Corero’s product strategy. Sean brings over 25 years of experience in the security and networking industry, to guide Corero’s growing leadership in the real-time DDoS protection market. Prior to joining Corero, Sean’s previous roles include network security Global Product Manager for Cisco, who he joined as part of their acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Prior to that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.