Cybersecurity

New report details rise in hacktivism, motivations for attacks

“The hacktivism landscape is expected to witness continued collaboration and coordination among hacktivist groups, leading to larger and more sophisticated attacks,” study co-authors warn.
article cover

Francis Scialabba

3 min read

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

When Russian hackers attacked Dutch organizations this month, the government of the Netherlands warned that the attacks were part of an increased effort to use cybercrime to make a political point.

“Since the war in Ukraine, we have seen a resurgence in hacktivist groups carrying out DDoS attacks,” the Dutch National Cyber Security Centre wrote in an Aug. 8 news release.

Hacktivism is the hot new threat actor in the game, according to new research from cybersecurity analysis firm CloudSEK.

Coauthors Abhinav Pandey and Anirudh Batra found that attacks motivated by religion, politics, and the quest for fame surged from 1% of the global total in 2021 and 2022 to a high of 35% in April–May 2023.

Attackers overwhelmingly targeted India, with the world’s most populous country accounting for over 30% of all attacks. Israel was next, with 14.51%. The US only accounts for 1.1% of the global attacks, but leads North America.

According to CloudSEK’s research, attackers targeting India, Israel, Denmark, and Sweden were religiously motivated and came from Pakistan, Bangladesh, Malaysia, and Indonesia. Poland, Ukraine, and Latvia were targeted for political reasons by hackers based in the Middle East and Russia. Traffic logs show that the main countries with IPs used by hacktivist groups are Indonesia, India, Germany, Colombia, the US, and the UK.

Government and nonprofits were the most targeted organizations, but not the only ones. Pandey and Batra wrote that “the automobile and education sectors faced defacement, DDoS attacks, and occasional instances of alleged data leaks through the exploitation of openly available data using Google Dorking techniques.” The finance and banking and energy sectors were also targeted.

Perhaps unsurprisingly, hacktivists employ four general tactics to disrupt their victims: DDoS attacks, defacement, compromised account takeovers, and SQL injection attacks. Hacktivists are using Stresser7, Raven Storm, Xerxes, and other tools for DDoS and a variety of techniques for the other tactics.

The study co-authors warned that hacktivists should be expected to coordinate and intensify their efforts going forward, focusing on data breaches and leaks. The standard warnings about taking precautions apply—secure your data, ensure there’s a plan, and stay alert.

“The hacktivism landscape is expected to witness continued collaboration and coordination among hacktivist groups, leading to larger and more sophisticated attacks,” the co-authors wrote. “The focus on data breaches and leaks is also likely to increase, making government agencies, corporations, and other entities more vulnerable.”

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.