Speaking out, safely: Mitigating the risks of the new global hacktivist ecosystem.

What happened? 

The incidence of “hacktivism” (that is, cyber crime designed to draw attention to a political cause) is rising. In the last two years, a global ecosystem of hacktivist groups has emerged, catalysed by the Russia-Ukraine war and now reinvigorated by the Hamas-Israel conflict. Today’s hacktivist activity increasingly doesn’t fit the anarchic, decentralised model of older hacktivist groups like Anonymous. Some prominent groups in this new ecosystem are, we suspect, funded by foreign governments, as we’ve written about here. They’re also quick to repurpose their attention, social network and infrastructure to the latest high-profile issues. Within 48 hours of Hamas’ attack on Israel, we counted at least 30 hacktivist groups pivoting to that conflict. That number is now over 126.

How could this impact me and my organisation? 

Hacktivists are increasingly targeting private sector organisations in reprisal for the diplomatic decisions of the governments where they operate. Most concerningly, we’ve observed hacktivists target organisations whose leaders or staff take public stances or speak out on issues associated with geopolitical tensions. A key role business leaders take within their organisation and the community is to set a standard of behaviour, to build consensus and at times to call out injustice. Threats of a disruptive minority should not be allowed to curtail free speech or hold business operations at risk. 

Hacktivist groups overwhelmingly seek to disrupt through distributed denial of service (DDoS) and website defacements. Hacktivist groups are media savvy and want to raise awareness of their activities. While DDoS may only temporarily disrupt operations, hacktivist groups often continue to advertise any outage via social media. Traditional media have also republished these posts, extending the publicity. CyberCX has also observed some self-proclaimed hacktivist groups using complex infrastructure and command and control systems to launch DDoS attacks. This tradecraft is harder to detect and defend against. 

Hacktivist targeting is omnivorous. In our region, we’ve observed hacktivists targeting organisations in the financial services, energy and utilities, government, higher education, healthcare, media and transport sectors in general reprisal for government policy positions. We’ve also seen individual organisations targeted where they’ve made public statements in relation to geopolitically contentious issues.  

How could this threat change? 

Right now, most hacktivist activity is disruptive, but not dangerous. However, cyber crime is becoming increasingly cheap and commodified. The growth of business models like ransomware-as-a-service could enable the global hacktivist ecosystem to evolve their tradecraft and seek to create more significant impacts.  

As geopolitical flashpoints change, the targeting of the hacktivist ecosystem will change too. We think it’s likely that more capable nation-state actors will also hide their activity in hacktivist noise. Organisations need to keep a close eye on geopolitical shifts and how these could change their cyber threat profile. 

What should I do? 

CyberCX Intelligence is not advocating self-censorship. Understanding threats and how they might be mitigated empowers organisations to speak out, safely. 

Understand your threat profile 

• Talk to your IT or Security department in relation to resilience to DDoS and website defacement attempts. 

• Assess whether your sector or organisation is already a likely target of malicious activity. 
• Monitor public messaging of hacktivist groups in relation to anti-Australian campaigns. 

Take precautionary steps 

• Ensure playbooks are in place to deal with DDoS, website defacement and cyber extortion. 
• Test DDoS mitigation measures. 

• If you’re not already, consider outsourcing hosting of your web presence or hosting it on separate infrastructure to business operations. 

Security starts in the c-suite. Executives are high-value targets. Well-connected, they’re gateways to their organisation, sensitive information and professional network. High-profile, they’re easy to find. Trusted and influential, their brand is readily exploited. C-Suite Cyber helps business leaders master their cyber risk.

About CyberCX Intelligence

CyberCX Intelligence is a uniquely Australia and New Zealand focused capability. We have the information, access and context to give executives a decision advantage – whether that’s minimising their personal risk or leading their organisation’s risk posture.

Want more? Contact cyberintel@cybercx.com.au to explore how you could partner with cyber intelligence experts who speak your business language and know your sector. You can also subscribe to Cyber Adviser, our bite-sized monthly intelligence newsletter.