Hacktivism: Fearmongering or Real Threat?
With the recent relaunch of Operation Icarus, the hacktivism group Anonymous is back in the spotlight. This campaign is centered on committing distributed denial-of-service (DDoS) attacks targeting banks around the world. Its latest alleged victims? The Bank of Greece and the Central Bank of Cyprus, among others.
According to HackRead, the Bank of Greece websites experienced a series of outages that alleged Anonymous members claim is the result of DDoS attacks causing servers to remain offline for several hours. In a statement to Reuters, a bank official explained, “The attack lasted for a few minutes and was successfully tackled by the bank’s security systems.”
Motivated by political or social interests, Anonymous is a somewhat disconnected collection of self-interested groups. However, with an issue that resonates with the wider collective, such as the corruption of financial institutions — the reported motivation behind Operation Icarus — Anonymous is still capable of significant attacks. In another recent example, Anonymous hacktivists claimed to target the servers of Thailand’s police, stealing and leaking private information about its officers and evidence.
Hacktivism Over Time
The alleged DDoS attacks against the Bank of Greece and Central Bank of Cyprus are just two incidents in a long list of alleged and actual attacks that fall under hacktivism. This type of cyberattack is not a new phenomenon, and Anonymous is not the only hacktivist group making headlines.
There have been numerous campaigns or operations from multiple groups over the years. IBM X-Force security incident data tracked more than 180 incidents involving hacktivists since 2011.
[Chart: hacktivist security incidents tracked by IBM X-Force since 2011. Source: IBM X-Force]
Of the incidents where the attack type is known, more than 70 percent involved DDoS attacks. While just over half of the targets have been based in the U.S., organizations in countries across the globe have been affected — from Canada to Germany, from South Africa to Hong Kong.
In terms of industries targeted, one might think hacktivists would mostly go after governments. Although this did rank second, it only made up approximately 28 percent of the targets.
Don’t Base Your DDoS Mitigation Strategy Around a Particular Campaign
With the launch of each new operation, IBM Security customers often look for guidance on how to respond. Separating fact from fiction can be a challenge, especially in light of recent revelations that fake DDoS threats have netted more than $100,000 from cautious businesses that were willing to pay for protection from a perceived threat.
Sometimes it’s like the boy who cried wolf: There is little risk of attacks being carried out, and the campaign ends up being more like a hoax. However, many threats have come to fruition, and the proverbial wolf has shown up.
So how much weight should be given to these operations? It’s difficult to quantify. The situations are often dynamic and subject to change. It’s important for organizations to remain vigilant whenever they could be the target of one of these DDoS campaigns — even if their name does not appear on a target list.
Prevention Strategies for DDoS Attacks
There are multiple ways to help proactively prevent DDoS attacks:
- Applying software updates and patches helps to prevent buffer overflows and the exploitation of software vulnerabilities.
- Intrusion prevention systems (IPS) can act as a first line of defense for some types of denial-of-service attacks and can mitigate targeted attacks that often occur under the cover of a DDoS.
- Proper configuration of firewalls and access control lists can mitigate other attack vectors.
- If you have a website, contact your Internet service provider (ISP) and specifically ask how it protects against DDoS attacks. A good starting point is to look at the ISP’s terms and conditions.
- Consider a managed security solution that deflects and absorbs DDoS traffic in the cloud before it reaches the target.
- With some DDoS attacks, it’s difficult to distinguish legitimate traffic from malicious traffic. In such cases, the best defense is a comprehensive incident response plan that includes failovers and a methodology for identifying, analyzing and neutralizing the threat.
- Test your protection and your team’s response capabilities by simulating DDoS attacks. Regularly scheduled attack simulations allow companies to measure their reaction and protection levels within a controlled environment.
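As an added illustration (not part of the article or of any IBM tooling), the following Python sketch shows one way to implement the "identifying" step of such a response plan: a sliding-window request-rate check over web-server access log lines, with an allow list so that a legitimate high-volume source is not mistaken for an attacker, and the result rendered as generic ACL deny entries for an operator to review. The log lines, IP addresses, window size and threshold are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format: client IP first, timestamp in square brackets, then the request and status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3})')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (ip, timestamp, request, status) or None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, req, status = m.groups()
    return ip, datetime.strptime(ts, TIME_FMT), req, int(status)

def detect_flooders(lines, window_seconds=10, threshold=50, allowlist=frozenset()):
    """Flag sources whose requests within any `window_seconds` window reach `threshold`.
    Returns {ip: peak_count}; allow-listed sources (e.g. a monitoring probe) are skipped."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue               # malformed line: ignore rather than crash mid-incident
        ip, ts, _, _ = parsed
        if ip in allowlist:
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= window_seconds:
            q.popleft()            # drop timestamps that fell out of the window
        if len(q) >= threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def build_sample_log():
    """Constructed traffic: one flooding source, one normal user, one high-volume probe."""
    lines = []
    for sec in range(20):
        ts = f"10/May/2016:12:00:{sec:02d} +0000"
        lines += [f'198.51.100.9 - - [{ts}] "GET / HTTP/1.1" 200 512'] * 8            # 8 req/s flood
        lines.append(f'203.0.113.7 - - [{ts}] "GET /index.html HTTP/1.1" 200 1024')  # 1 req/s user
        lines += [f'192.0.2.1 - - [{ts}] "HEAD / HTTP/1.1" 200 0'] * 6              # 6 req/s probe
    return lines

def acl_deny_rules(peaks):
    """Render flagged sources as generic deny entries for human review before applying."""
    return [f"deny ip host {ip} any  # peak {n} requests per window" for ip, n in sorted(peaks.items())]
```

Run `detect_flooders(build_sample_log(), allowlist={"192.0.2.1"})` to see only the flooding source flagged; without the allow list the probe is flagged too, which is exactly the legitimate-versus-malicious ambiguity the bullet above describes.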
For more guidance on how to protect your company from these kinds of attacks, the IBM white paper “Extortion by Distributed Denial of Service Attack” provides additional recommendations for threat prevention and mitigation.