Hacktivism is no new threat to the cyber community in the Middle East. Two of the world’s most notorious hacktivist groups claim roots in the region, and ongoing political and social turmoil has made it a hotbed for such activities. Just recently, in May, OpDjibouti started to sweep over the UAE with a target list of more than 200 government entities around the country, as well as a number of private organizations operating in the UAE. It is not over yet: other operations under the codenames OpUAE, OpSaudi, OpBahrain etc. are publishing daily target lists, which the attackers can then paste into their attack tools to automate attacks. The tagline from the attackers says “DDoS 10 minutes a day to keep the troubles away”.
Historically, these forms of attack were often focused on government entities, but now there is a more widespread target list, which the hacktivists even publish as specific target lists by industry vertical and country.
With big-name brands in the region being almost synonymous with the countries in which they operate, targeting corporations is proving to be an effective means to garner media attention. Worse still, we are now seeing offshoots of basic hacktivism, such as state-funded hacktivism and even cyber terrorism, both of which are harder to combat and far more damaging.
Why the threat will worsen
A prominent factor in the increasing scale of hacktivism is that every organization today depends on IT to operate, from interacting with customers and business partners down to controlling how the business is run.
Furthermore, as web presence is today an important part of any company’s brand, there is a great deal of embarrassment and brand damage associated with such attacks.
With ‘Smart Cities’ and ‘Smart Governments’ set to soon become realities in the Middle East, the impact of hacktivism, and consequently the motivation for it, is far more pronounced.
Why the explosion of Hacktivism is not just bad
One of the benefits of hacktivism exploding is that the attacks are spread thinner. If we go back just a few years, the target lists would have only one or two sites on them, which meant all the attackers would aim their guns at a single organization, and the attack load became much bigger for that individual organization.
Today, with the explosion of attacks and target lists, the attacks are of course spread more thinly, and to some extent there is also a notion that some of the attackers may develop “battle fatigue” from keeping up with all of the target lists being published. One needs to remember that the attacker is not necessarily a professional, but someone who is doing this for fun or out of personal motivation.
However, what is also happening is that the firepower of the attacker grows as computing power evolves. Today you can “rent” DDoS environments that can create problems for even a large environment. Many of these are hosted in public cloud environments, so taking them down or blocking the traffic can be extremely difficult without impacting other environments running in the same public cloud.
Combatting Hacktivism
When talking about hacktivism, everyone must understand that it is not a lost battle, and there is a lot you can do to avoid being an easy target. By making yourself harder to impact you will ultimately be less likely to be impacted, as there will always be someone else out there who is easier to attack. You simply want to make sure you do not become the low-hanging fruit that is picked first.
The first step is to ensure that the defenses are correctly deployed, which means understanding whether you are vulnerable, and how robust you are, to the attack methods a hacktivist will usually be utilizing.
As an example, understanding the type of devices connecting to your website is a great first step, which not only makes the attack much more difficult, but also saves you the hassle of having to identify attacks in your applications, as the attack is already dropped.
The next step is to understand whether you have vulnerabilities that may be exploitable by attackers to upload backdoors or deface your website by placing a political message on your landing page. If you are unable to establish this yourself, you need to work with professionals to figure out if you are a target. At Help AG we employ a team of ethical hackers who use their technical skills to assess and exploit customers’ environments in order to report and fix the vulnerabilities before a hacktivist would do the same.
But it is also about looking out for the unknown. As good as you may be at identifying vulnerabilities, you may still be a target. As an example, let us look at a defacement attack: how many organizations have measures in place to respond within seconds, not minutes or hours, to their website being taken over by attackers? Sadly, though the threat is very real, most organizations do very little to protect what is essentially a major customer touch point for their business. Services such as Help AG’s cloud-based Co-ordinated Threat Mitigation (CTM) are available; these continuously monitor the state of a website and, in case an unauthorized change to the site takes place, automatically replace the malicious content or redirect traffic.
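
The monitor-and-replace idea described above can be sketched as follows. This is an added example, not Help AG’s CTM implementation or code from the original article; the function names, the `csrf_token` field and the sample pages are assumptions made for illustration.

```python
import hashlib
import re

# Fragments that legitimately differ between requests (assumed for this sketch).
VOLATILE = [
    re.compile(r'<input[^>]*name="csrf_token"[^>]*>', re.I),
    re.compile(r"<!--.*?-->", re.S),
]


def fingerprint(html):
    """SHA-256 of the page with volatile fragments and layout whitespace removed."""
    for pattern in VOLATILE:
        html = pattern.sub("", html)
    html = re.sub(r">\s+<", "><", html)          # whitespace between tags
    normalized = re.sub(r"\s+", " ", html).strip()
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()


def build_baseline(approved_pages):
    """Record a fingerprint and a known-good copy for each approved page."""
    return {url: {"sha256": fingerprint(html), "known_good": html}
            for url, html in approved_pages.items()}


def check_page(url, live_html, baseline):
    """Return (status, content_to_serve) for one monitored page."""
    entry = baseline.get(url)
    if entry is None:
        return "unmonitored", live_html
    if fingerprint(live_html) == entry["sha256"]:
        return "ok", live_html
    # Unauthorized change: serve the stored known-good copy instead.
    return "restored", entry["known_good"]


# Constructed sample pages, not captured from any real site.
APPROVED = {"/": '<html><body><h1>Welcome</h1>\n'
                 '<input type="hidden" name="csrf_token" value="a1"></body></html>'}
SAME_PAGE_NEW_TOKEN = ('<html><body><h1>Welcome</h1>'
                       '<input type="hidden" name="csrf_token" value="z9"></body></html>')
DEFACED = "<html><body><h1>Defaced: constructed sample</h1></body></html>"

if __name__ == "__main__":
    baseline = build_baseline(APPROVED)
    for label, html in [("rotated token", SAME_PAGE_NEW_TOKEN), ("defaced", DEFACED)]:
        print(label, "->", check_page("/", html, baseline)[0])
```

Stripping per-request fragments before hashing is what keeps a rotating token from triggering a false restore, while any change to the visible content still does.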
Given how easy it is to procure cyber weapons and how little risk there is in their use, cyber criminals are bound to increase their usage of hacktivism as a means to voice political frustration. As more business is taken online, the scope of hacktivism will grow. With the right strategies in place, however, you can protect your business from becoming just another ‘anonymous’ statistic.