Hacktivists' Use of DDoS Activity Causes Minor Impacts

Fortify Security Team
Nov 4, 2022

The FBI defines hacktivism as a collective of cyber criminals who conduct cyber activities to advance an ideological, social, or political cause. Historically, hacktivist collectives conducted and advocated for cyber crime activity following high-profile political, socioeconomic, or world events. Coinciding with the Russian invasion of Ukraine, the FBI is aware of pro-Russian hacktivist groups employing DDoS attacks to target critical infrastructure companies with limited success. Hacktivists provide tools and guidance on cyber attack methodology and techniques to anyone willing to conduct an attack on behalf of their cause. DDoS attacks on public-facing websites, along with web page and social media profile defacement, are a preferred tactic for many operations. These attacks are generally opportunistic in nature and, with DDoS mitigation steps, have minimal operational impact on victims; however, hacktivists will often publicize and exaggerate the severity of the attacks on social media. As a result, the psychological impact of DDoS attacks is often greater than the disruption of service.

Hacktivists often select targets for their perceived impact rather than for an actual disruption of operations:

  • DDoS attacks require little technical knowledge, and hacktivists may leverage a wide range of open-source DDoS services and tools to disrupt public-facing websites.
  • High-profile organizations, including financial institutions, health and medical facilities, emergency services, airports, and government facilities, are common targets of DDoS attacks.
  • Hacktivists typically claim responsibility for such attacks on social media to increase their credibility and falsely assert greater impact or disruption than what occurred.
  • Hacktivists also recycle previously disseminated information (whether exfiltrated or a compilation of publicly available information) to build credibility and imply a higher level of technical ability.
  • Hacktivists may post news coverage about their attacks, which can lead to repeat attacks or copycat attacks on targets that received a large amount of media attention.

Recommendations

DDoS attacks vary in duration and can be identified by:

  • Unusually slow network performance (opening files or accessing websites).
  • Unavailability of a particular website or the inability to access any website.

To mitigate a DDoS attack:

  1. Enroll in a Denial of Service protection service that detects abnormal traffic flows and redirects traffic away from the network.
  2. Create a partnership with your local internet service provider (ISP) prior to an event and work with your ISP to control network traffic during an event.
  3. Create a disaster recovery plan to ensure successful and efficient communication, mitigation, and recovery in the event of an attack.
  4. During and after a DDoS attack, monitor other network assets for any additional anomalous or suspicious activity that could indicate a secondary attack.
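As an added example (not part of the FBI guidance or the original post), the indicators and the "abnormal traffic flows" mentioned above can be checked from a web access log by bucketing requests per minute and flagging rate spikes, slow responses, and high error ratios. The log format, thresholds, and function names are assumptions chosen for illustration, and the sample log is constructed.

```python
"""Flag minutes in a web access log that show DDoS indicators."""
from collections import defaultdict
from statistics import median

def make_sample_log():
    """Constructed sample: 5 quiet minutes, then 2 minutes of flood traffic.
    Assumed line format: ISO timestamp, client IP, HTTP status, response ms."""
    lines = []
    for minute in range(7):
        flood = minute >= 5
        for i in range(400 if flood else 20):
            ip = f"198.51.100.{i % 250}" if flood else f"192.0.2.{i % 10}"
            status = 503 if flood and i % 2 else 200
            ms = 4000 if flood else 120
            lines.append(f"2022-11-04T10:{minute:02d}:{i % 60:02d}Z {ip} {status} {ms}")
    return lines

def parse(line):
    """Return (minute_key, ip, status, ms), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4 or not (parts[2].isdigit() and parts[3].isdigit()):
        return None
    return parts[0][:16], parts[1], int(parts[2]), int(parts[3])

def detect(lines, rate_factor=5, slow_ms=2000, error_ratio=0.3):
    """Return {minute: [reasons]} for minutes that breach any threshold."""
    buckets = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        buckets[rec[0]].append(rec)
    if not buckets:
        return {}
    # Median per-minute volume as baseline; it is only meaningful when the
    # window contains more normal minutes than attack minutes.
    baseline = median(len(v) for v in buckets.values())
    alerts = {}
    for minute, recs in sorted(buckets.items()):
        reasons = []
        if len(recs) > rate_factor * baseline:
            reasons.append("request-rate spike")
        latencies = sorted(r[3] for r in recs)
        if latencies[int(0.95 * (len(latencies) - 1))] > slow_ms:  # p95 latency
            reasons.append("slow responses")
        if sum(r[2] >= 500 for r in recs) / len(recs) > error_ratio:
            reasons.append("service unavailable")
        if reasons:
            alerts[minute] = reasons
    return alerts

if __name__ == "__main__":
    for minute, reasons in detect(make_sample_log()).items():
        print(minute, ", ".join(reasons))
```

The same per-minute check can be run against logs from other network assets during and after an event, as step 4 recommends.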

 
