The Ashley Madison data breach of 2015 shows that non-financially motivated cybercrime is alive and well.
Experian's 2016 Data Breach Report predicted that 'hacktivism' was likely to experience a resurgence in the coming months. Citing recent high-profile attacks, Experian analysts warn businesses to stay vigilant. These types of breaches often aim to cause public embarrassment or exposure, or to harm operations, which can be more damaging than pure data theft for profit.
How are Hacktivists Different from Other Hackers?
Though most think of hacktivists as becoming prevalent in the last few years, hacktivism has been around for decades. Coined in 1996, the term hacktivism has included those fighting for free speech, protestors of war, and those wanting to expose unethical standards.
Any hacking that originates from a collective, whether political or financial in intent, is likely to be more sophisticated than an attack from an individual. However, the lines between the various "classes" of hackers, which include espionage groups, crime collectives, hacktivists, and single actors or script kiddies, can be rather blurred at times.
Government organizations have at times been popular targets, as are businesses of any size with missions that politically-motivated activists may perceive as unethical.
According to Third Certainty's podcast summary, this can include, but is not limited to:
- Agro-chemical Manufacturers
- Oil companies
- Pharmaceutical Companies
- GMO Food Companies
- Religious Groups
Not fitting into the above categories may not put organizations in the clear, as suppliers or companies with a form of business relationship with the industries listed above can be perceived to be at risk. Perhaps most importantly, ethics vary not only from business to business, but also from industry to industry.
Common Vulnerabilities Hacktivists Exploit
Since the intent of the politically-motivated attack is usually different from the goals of data thieves, the vulnerabilities targeted can be slightly distinct from the norm in the infosec realm. With common goals of ceasing operations, embarrassing stakeholders or customers, or damaging reputations, hacktivists often focus on the following nine areas of corporations.
1. Barely-Protected Phone Systems
Security consultant Paul Moore wrote on his personal blog that a staggering number of VoIP implementations were using default passwords on phones, like "admin." This can defeat the purpose of a strong firewall. With easy access to your phone calls thanks to weak credentials, criminals can make calls, receive calls, upload new firmware, and use your phones for surveillance.
2. Weak Email Credentials and Phishing
Email leaks are among the common forms of hacktivist attack, often with the goal of spreading sensitive information or exposing unethical individuals. In one such case, HackRead noted the broadly-advertised release of seven Baltimore Police Department employees' login credentials and passwords.
Avoiding similar embarrassment requires strong access governance, including frequent password changes. Vigilance against phishing is also important because email-launched attacks can drop the necessary malware to collect credentials.
3. Poorly-Protected Customer Info
The Ashley Madison data breach of 2015 was not just caused by an ethical conflict with the extramarital dating site's purpose. Wired shared the hackers’ official statement on the incident noting the goals included exposing both users and the company's business practices.
KrebsOnSecurity noted that the credentials of a former employee or third-party contractor were used to gain access to the company's network. An ineffective MD5 hashing implementation and poor data disposal practices allowed full access to 37 million users' data.
Flaws in data storage security can allow hacktivists to perform similar attacks in any industry. With a lack of encryption, rooted servers can equal an all-access ticket to your protected information.
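The following added example (not code from the original article or from any company it names) illustrates why fast, unsalted MD5 is ineffective for stored credentials and shows a salted, memory-hard alternative. The article does not say how MD5 was used in the breach; the unsalted pattern, the scrypt parameters and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values for this example; tune per hardware).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1

def weak_md5(password: str) -> str:
    """The weak pattern: one fast, unsalted MD5 pass over the password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def hash_password(password: str) -> str:
    """Hardened form: per-user random salt plus a memory-hard KDF (scrypt)."""
    salt = os.urandom(16)
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${salt.hex()}${key.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    scheme, salt_hex, key_hex = stored.split("$")
    if scheme != "scrypt":
        return False
    key = hashlib.scrypt(password.encode("utf-8"), salt=bytes.fromhex(salt_hex),
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(key, bytes.fromhex(key_hex))

def shared_digest_groups(records: dict[str, str]) -> list[list[str]]:
    """Audit helper: group accounts whose stored digests are identical.

    With unsalted hashing, equal digests mean equal passwords, so one
    recovered password exposes every account in the group.
    """
    by_digest: dict[str, list[str]] = {}
    for user, digest in records.items():
        by_digest.setdefault(digest, []).append(user)
    return [sorted(users) for users in by_digest.values() if len(users) > 1]

# Constructed sample accounts (not from any real data set).
SAMPLE = {"alice": "Summer2015!", "bob": "Summer2015!", "carol": "x9#Lq!vT2"}

if __name__ == "__main__":
    md5_db = {u: weak_md5(p) for u, p in SAMPLE.items()}
    scrypt_db = {u: hash_password(p) for u, p in SAMPLE.items()}
    print("MD5 groups:   ", shared_digest_groups(md5_db))
    print("scrypt groups:", shared_digest_groups(scrypt_db))
```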
4. Source Code
Source code should be among the most highly-protected assets in any organization. Multi-factor authentication, an air-gapped (completely segregated) network, and high-quality source code management tools can make it more difficult for hacktivists to gain access, but these methods aren't bulletproof. Active intrusion detection and file integrity monitoring are critical to avoiding public disaster.
If hacktivists gain entry to your network, could they steal source code for your intellectual property? Or, maliciously modify it, damaging your ability to continue business operations?
5. Website Vulnerabilities
Both financially and politically motivated cybercriminals may use automated methods to discover website vulnerabilities and enable distributed denial-of-service attacks. Not only are website vulnerabilities a threat to your organization's compliance, but they may also represent an open door for hacktivists and data thieves.
6. OSINT Gathering
Social engineering is a relatively recent phenomenon among hackers of all types. By scraping open source intelligence (OSINT) on your company from social media and other sources, hacktivists may be able to gain the knowledge necessary to launch a highly sophisticated and targeted attack.
Social media profiles can reveal massive amounts of information about a target employee's demographics and even writing style. Other hacktivists may engage in ‘smishing’ or ‘vishing’, collecting information via texting or phone conversations, to gain deeper insight.
With enough information on your employees from OSINT-gathering, hacktivists may be able to brute force credentials. They can also launch highly-targeted phishing campaigns that may appear to be sent by a trusted party. When it comes to protecting against this threat, employee education and technical safeguards are a necessity.
7. Distributed Denial-of-Service
Research by IBM Security Intelligence indicates that up to 70% of attacks involve denial-of-service methodologies. This can result in interrupted operations, in some cases, for weeks on end.
A DDoS attack is simply defined as an attack on a single network entity, typically a server, by multiple compromised network elements. These attacks usually occur after entry is gained through a vulnerability, and DDoS malware is spread through your network. Computers involved in a DDoS attack are known as "botnets."
Basic security practices, such as frequent patching, effective firewalls, and access governance are important protections against DDoS. Some internet service providers (ISPs) also work to protect clients against DDoS, though this service shouldn't be considered total protection. Intrusion detection and active file integrity monitoring can also allow security pros to detect access to networks and malware.
8. Software Vulnerabilities
Software vulnerabilities have been the reason behind some of the most genuinely frightening hacktivist attacks to date. A water company, given the name “Kemuri Water Company” to protect its anonymity, was breached, and it was reported to be using an operating system from a previous decade. That particular water company relied on a single server for the entire IT network, which also connected the operating systems controlling the water treatment facility. As reported by IBT, the system was breached by exploiting a vulnerability in the web-accessible payments system and using it to get into the company's web server.
Any software or application used by your organization should be regularly assessed for vulnerabilities.
9. Out-of-Date Patching
Hacktivists are well-aware of common vulnerabilities and use automated scanning to detect weaknesses in their target's networks. Across all forms of security attacks, companies can increase their risks significantly with poor patching protocol.
Organizations must develop a systematic approach to applying patches to ensure vulnerabilities aren't left wide open for days or months on end. When systems reach end-of-life, aggressive monitoring and security assessment are necessary if they're not immediately brought offline.
Are You Prepared to Fight Hacktivism?
Regardless of whether your company receives any warning or believes your mission puts you at risk for hacktivism, remaining vigilant is critical. Any cybercrime collective has the resources to deploy highly sophisticated attacks, because it is made up of highly sophisticated technologists.
Using smart file integrity monitoring and intrusion detection tools can allow your organization to stay ahead of common vulnerabilities such as application weaknesses. It can also enable you to detect unauthorized access and critical file modifications that typically serve as the first warning of a politically or financially motivated breach and reverse negative actions before it is too late.
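The file integrity monitoring recommended here and in the source code section above comes down to comparing a trusted baseline of file hashes with the current state. This added example is not CimTrak's implementation or code from the original article; the directory layout, file names and contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path, chunk_size: int = 65536) -> str:
    """Hash a file in chunks so large files are never read in one piece."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(root: Path) -> dict[str, str]:
    """Map every regular file under root (relative path) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and not p.is_symlink()
    }

def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Report files added, removed or modified since the trusted baseline."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(n for n in shared if baseline[n] != current[n]),
    }

def demo() -> dict[str, list[str]]:
    """Run the check against a constructed source tree in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "src").mkdir()
        (root / "src" / "billing.py").write_text("RATE = 0.20\n")
        (root / "src" / "auth.py").write_text("MIN_LENGTH = 12\n")
        (root / "README.txt").write_text("internal build notes\n")
        baseline = snapshot(root)  # taken while the tree is known-good
        # Constructed changes standing in for unauthorized modification.
        (root / "src" / "billing.py").write_text("RATE = 0.02\n")
        (root / "src" / "hook.py").write_text("print('unexpected')\n")
        (root / "README.txt").unlink()
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind:9}", names)
```

The comparison is only as trustworthy as the baseline, so the baseline belongs somewhere an intruder on the monitored host cannot rewrite it, such as a separate system or signed storage.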
November 1, 2016