Have you ever tried to go to a website and the expected webpage was replaced or altered? The original contents gone and in it’s place are references to geo, political, or religious views? This is such a common occurrence that a word was coined, hacktivism, to differentiate these styles of attacks from hackers seeking different goals. As is the case with most things, even further classification of this diverse and truly complex hacking group is warranted and today we will cover three of the most common formations of hacktivist groups. As we build our defenses to protect our virtual borders from cyber threat actors it important to understand not only who they are and how they attack, but especially with this class of hacker, we must realize their “triggers”.
This group has become the face of all hacking in media today. Due to their strong use of social media and desire to be heard at all cost, attacks carried about by these groups tend to gain large visibility. The question you must ask yourself is “Who is 4-chan?” (if you do not know the answer, read on).
This group is by far the largest in members but fewest in unique separate organizations. This is because is like a hive or collective mind, it’s a group that acts under anonymity as the voice for the people. The starfish classification is because its has no head. There is no single leader that could be removed. This often leads to different
describes a problem this person has. An obstacle they face, a challenge they must overcome
describes the solution our protagonist put into place.
The headline is a summary of what this section of the pattern is about. This can be a product you’re reviewing, a step in a multi-step process or recipe, a core idea you want to convey.
describes a person or a story. It sets the scene and helps readers relate
describes a problem this person has. An obstacle they face, a challenge they must overcome
describes the solution our protagonist put into place.
The headline is a summary of what this section of the pattern is about. This can be a product you’re reviewing, a step in a multi-step process or recipe, a core idea you want to convey.
describes a person or a story. It sets the scene and helps readers relate
describes a problem this person has. An obstacle they face, a challenge they must overcome
describes the solution our protagonist put into place.
closes off your post. This is where you tell your readers what to do next, whether that’s leaving a comment, checking out another, related post, signing up to your newsletter or anything else that’s important to your business.
Everyday we hear about another hacking incident. These attacks have become so common that people are becoming numb to them. Who was attacked, the amount of data or money stolen, or where they it originated are almost trivial at this point. I believe it is time to start to understand the motivations behind the most common attacks in order to protect against them. I am bad at keeping secrets so I will spoil the ending; the reason is money. Let’s look at how these high-tech heists cash in.
Flooding the news headlines as of late has been the attack method of Ransomware. As a friendly bit of advice, the FBI will never lock your computer and ask for money.
Ransomware is an attack that first and most importantly encrypts key files on a computer. This encryption key is then made available after transfer of funds, most commonly bitcoin, to an offshore account of the threat actors choosing.
This attack is extremely effective, despite being quite easy to prevent, as it prays on the following.
This is an amazing source of income for organized crime. These attacks are automatic and require very little actual labor cost to implement. The targets do majority of the work by clicking on links, or leaving access to their environment wide open for an automated attack. Once implemented the target has two choices, pay or lose their data. The threat actor does not really care which, they do not pay much attention to who they are targeting this is purely a statistical approach. The more systems are effected the more instances where they will get paid. If you doubt how much successful they are, many new variations of Ransomware now provide a convenient chat sessions, where you can talk directly with the threat actors, in real time. They actually have customer services reps that are there to make the process smoother. Though they are stealing money from you, they want it to be a seamless experience. There is nothing worse for business then a complicated process for resolution or that the goods are not delivered as promised. People are often shocked to find that in most cases, the data is recovered after the ransom is met. It’s because of this and the overwhelming number of cases that law enforcement often recommends just paying the price.
Disturbed Denial of Service that is used for hacktivism (a topic for another day) or more commonly for profit. It is an attack that shuts down access to critical systems by flooding it with traffic. This often leads to systems being slow, nonresponsive sites or worse offline.
A threat actor will dump large amounts of traffic to key point in order to overwhelm them. The traffic commonly originates from large botnets. These botnets are large groups of machines (bots) that have been affected with malicious programs. These bots can range from servers to the new internet connected fridge you just bought. Once a command is sent out to the botnet all these machines will start sending traffic to the target. Its harmless when a few bots send out traffic, but when it becomes millions of bots, ouch. While it can be perceived as relatively harmless, the botnets are in fact one of the most fear weapons in existence. This is because it cannot be destroyed. The command servers or programs can be stopped or shutdown, but the delivery systems is too large and too diverse to be stopped. It will always be a digital loaded weapon.
Much like ransomware, this attack targets availability. Often the time of the attacks are picked to maximize the damage done and to motivate to meet the demands of the attacker. By choosing critical windows of time, they force the targets to have to make quick decisions under stress, which increases the odds of payout. It does not matter the speed nor the count of the systems, the gateway is what is being attacked. It is the narrow chokepoints of entry that exist in every application or process that a DDOS attack capitalize on.
The ability to utilize a large existing workforce (botnets) to deliver an attack to a very specific target is scary. What is more chilling is that anyone can have access to this attack method for an hourly rate. Currently the average cost is between $20 to $40 an hour. And if you think it’s only available to those who live in the “dark web”, I apologize for bringing bad news. You can search for DDOS for hire and numerous options will be presented. For the threat actor, its comes down do cost benefit analysis. How much can I spend an hour, and for how long in order to get them to give up. It is that simple. By applying great pressure and the critical time, these criminals can quickly and efficiently hold your business hostage.
Be it credit card information or personal identifiable information (PII), digital records are actively traded on the black market. The supply and demand for this underground economy is fueled by virtual thievery.
Either by attacking the users through social engineering, or by exploiting vulnerabilities of a program or system, threat actors gain access to the targets most critical data. These attacks are not stealthy nor do they try to be that discreet. They probe the environment for any opening and once found move in to quickly acquire the goods. Once found the info is quickly extracted and that’s it. These attacks are often prone to repeat attempts as the first attempts are not only successful, but unnoticed.
There are two reasons for the success of these attacks the driver and the enabler.
With the access to targets being in high availability, threat actors only have to concern themselves with the market demand for what they have. While an active credit card number with all needed information may go for under $20 each, a PII record can go for quite less. Even in volume, it does not drive much in the way of profit. The real money is made with what is done with the newly acquired records. Fraud, commerce and insurance, is a trillion-dollar industry. By taking advantage of the convenient “pay now, verify later” mentality that exits our virtual society, threat actors have created a very large revenue stream. This attack method will not be leaving anytime soon either. These has been going on for so long, that companies are putting the expected loses due to fraud into their budget and then passing the cost down to end users, who were the actual victims of identity theft to begin. This attack works, because its more cost effective for a business to increase the cost of goods, than to implement the correct solutions to protect the customer’s information.
It does not matter who was recently attacked or where it came from. It is important to start to understand why they occur and that these attacks will continue to happen. We can start to see that there are threat actors that are driven by the same numbers and metrics that a traditional business is. When it comes down to it, they are looking to make a profit, and for them business is good.
To learn more about this topic and many others regarding information security, sign up for our newsletter below or check out our other blogs, white papers or pod cast series.