Hacktivism in 2023: from popular movements to state-sponsored threats


Hacktivism is defined as the misuse of digital tools, such as hacking, with the aim of promoting a sociopolitical agenda or encouraging civil disobedience. In its most harmless version, hacktivism can be defined as “digital vandalism”, causing frustration and disruption within companies. However, in the most serious cases, it can lead to information leaks, data interception, misappropriation of assets, and even systematic damage to the reputation of an organization or even a country. In short, its consequences can be catastrophic.

Recently, hacktivism has been a reflection of real-world tensions and conflicts, as evidenced by events related to the Russian-Ukrainian conflict and the war between Hamas and Israel. Although the influence and impact of cyberattacks and hacktivism are smaller during periods of major conflict, the number of incidents increases as the digital and physical worlds come together.

Governments and multinationals as targets

Hacktivist groups typically target government agencies because they often hold differing points of view and have the power to make change. They also target multinationals that are “harmful” or have a negative impact on society or the environment. Until recently, it was impossible to say the word “hacktivist” without immediately thinking of Anonymous, the group responsible for large waves of peaceful digital protests, often in the form of distributed denial of service (DDoS) attacks, to present their vision of truth and justice in the world.

Although Anonymous popularized the term, “hacktivism” is a real and much more serious threat to businesses and government agencies. Our research shows that the average number of weekly cyberattacks is up 8% globally (the largest increase in two years). This increase is largely driven by artificial intelligence, the escalating threat from organized ransomware groups and hacktivism.

The past year has seen the emergence of state-affiliated hacktivism, where groups of organized hacktivists select their targets based on geopolitical agendas, sometimes with funding or direct orchestration from governments themselves. Take for example the Russia-affiliated Killnet group, which targeted Western healthcare companies in early 2023 with a series of DDoS attacks in response to Western support for Ukraine. Or Anonymous Sudan, a group that first appeared in January 2023 and has targeted airlines like Scandinavian Airlines and other Western companies, against a backdrop of promoting a pro-Islamic discourse. The group claims to be carrying out a counter-offensive operation and chooses Western targets in retaliation for alleged anti-Muslim activities. Microsoft was one of the group’s latest targets, and the Outlook email service and Azure hosting platform were heavily disrupted.

The new face of hacktivism

Today we are witnessing an evolution of hacktivism. It is no longer the work of an individual or a group of individuals, but of coordinated companies, often under the aegis of a State, whose motivations are ideological. However, while ideology can unite and empower malicious actors, the democratization of technology has played a crucial role in the diffusion and proliferation of hacktivist activities. Artificial intelligence, and in particular generative AI, is an example of an extremely powerful tool, barely regulated and within everyone’s reach. Despite companies’ significant efforts to leverage AI capabilities in their cyber defense strategies, malicious actors and hacktivist groups are stepping up their attack strategy.

Technologies like generative AI certainly make the creation of malicious code easier and more accessible, but cyber actors continue to exploit traditional vectors. They don’t use AI to improve the malware itself, but rather how it is delivered. These traditional vectors remain popular, but AI makes it more difficult to identify fraudulent domains and fake emails.

AI can also help orchestrate more precise and faster DDoS attacks. A DDoS attack is when a server or website is flooded with artificial traffic requests to the point that it becomes saturated and stops functioning. This year was marked by an unprecedented DDoS attack, with a peak of 71 million requests per second. Enough to portend the worst for the future.

Limit exposure to hacktivist attacks

Hacktivist attacks are ideological in nature, so for some companies (especially those in the public sector) these attacks are inevitable. Some organizations will find themselves in the crosshairs of hacktivists simply because they exist, even if there is little to steal or they have no financial interest. Associates, suppliers and customers of targeted businesses may also find themselves caught in the crossfire. In other words, no one is safe. Being faced with a hacktivist’s cyberattack is often inevitable, so it’s just a matter of time.

However, private and public sector companies can put measures in place to reduce, to some extent, their vulnerability to attacks or at least minimize the risk of being seriously affected. Data backups, for example, will limit the power of a ransomware attack on a business. They will also make it possible to better manage cases of data falsification or destruction by hacktivists. Educating staff about cybercrime is vital to reducing the risks associated with “lookalike” domains and phishing tactics. Likewise, zero-day phishing detection technology is crucial for spotting attempts to exploit known vulnerabilities that developers or vendors have not yet had time to patch.

The future of hacktivism

The future of hacktivism looks complex, between operations organized by certain States and popular movements. State-affiliated hacktivism is now an established threat. Tactics are therefore likely to evolve and be perfected (thanks to external funding). Hacktivist groups, especially those that are clearly state-controlled, will likely rely on large botnets to carry out DDoS attacks at an unprecedented level. The record for DDoS attacks, with more than 71 million requests per second, demonstrates the escalation of this trend.

Signs of cooperation between diverse groups, such as the collaboration between pro-Islam oriented Anonymous Sudan and Russia-friendly Killnet, point to a future where hacktivists could form alliances to share profits, regardless of their respective ideologies. This convergence could lead to more coordinated and impactful attack campaigns. Increasingly, these groups are hiding their true intentions behind attacks that appear politically motivated. Hacktivist threat actors therefore use ransomware campaigns to finance other activities.

But it’s not just about government actors. Grassroots hacktivism, motivated by social, environmental or regional political causes, will continue to play an important role. As global issues such as climate change and human rights continue to gain attention, we can expect a resurgence of decentralized hacktivist movements. These groups, although they do not have the same resources as their state-funded counterparts, nevertheless have the potential to cause significant disruption, especially when they manage to mobilize the online community around the world around a common cause.

We’re also seeing a greater influence from technology, as deepfakes have become a common tool in the hacktivist arsenal. Deepfakes have made it possible to impersonate important people and create propaganda during times of conflict, as seen with Ukrainian President Volodymyr Zelensky. It is relatively simple to acquire these tools and use them in social engineering attacks that seek access to sensitive data.

In summary, as we enter 2024 and for years to come, the distinctions between state-sponsored cyber operations and traditional hacktivism will blur. Global organizations will need to prepare to face a diversity of cyber threats, each with very specific motivations and tactics.


