Hacktivism 2024: The real threat runs deep

Heading into next year, companies worldwide must be prepared as the lines between state-sponsored cyber operations and traditional hacktivism blur.
By Pankaj Bhula, EMEA regional director: Africa, Check Point Software Technologies.
Johannesburg, 20 Nov 2023

Hacktivism is universally defined as the malicious use of digital tools, such as hacking, to stir up civil disobedience or promote a socio-political agenda. At its most innocent, it is a form of “digital vandalism” that will frustrate and inconvenience organisations.

In extreme instances, it can lead to leaked information, intercepted data, the hijacking of company assets, even the systematic dismantling of an organisation’s reputation. In short, it can be devastating.

In recent years, hacktivism has started to closely mimic battles in the real world, as seen with the Russo-Ukraine conflict and the current war between Hamas and Israel.

Africa has seen its fair share of hacktivism with the recent attacks by Sudanese-based hacker group Anonymous, which targeted Nigerian companies in response to the threat of military action in Niger in August, and was responsible for a massive denial of service (DDoS) attack in Kenya in July, which disrupted large parts of the public sector and financial services.

The most common targets for hacktivist groups include government agencies, because they often hold opposing views and have the power to make changes, or multinational corporations that are perceived as being “bad” or having an adverse impact on society or the environment.

While Anonymous may have made hacktivism a household term, the real threat of hacktivism for businesses and government agencies runs much deeper.

As detailed in Check Point’s 2023 Mid-Year Cyber Security Report, the average number of weekly cyber attacks is up 8% globally – the most significant increase in two years – largely driven by artificial intelligence, the escalating threat of organised ransomware groups and hacktivism.

Last year saw the emergence of state-affiliated hacktivism, where hacktivist groups select their targets based on geopolitical agendas, in some cases funded or orchestrated by governments themselves.

Changing face of hacktivism

We are now seeing hacktivism evolve from an individual or group of individuals into coordinated, often state-sponsored, organisations that have ideological motivations.

However, while ideology might unite and motivate malicious actors, the democratisation of technology has played a major role in the propagation and proliferation of hacktivist activities.

Artificial intelligence, particularly generative AI, is one example of an extremely powerful, scarcely regulated tool that is readily available. As organisations scramble to leverage AI capabilities as part of their cyber defence strategies, threat actors and hacktivist groups are working hard to leverage AI as part of their offensive efforts.

Interestingly, while technology such as generative AI certainly makes the generation of malicious code easier and more accessible, it is the same old vectors that threat actors are looking to exploit.

AI is not being leveraged to improve malware itself, but rather its mode of delivery. Lookalike domains and phishing attacks remain among the most popular attack vectors, but AI is making fraudulent domains and fake e-mails more sophisticated and difficult to identify.

AI can also be leveraged to orchestrate sharper, faster DDoS attacks. A DDoS attack is when a server or website is flooded with artificial traffic requests to the point where it becomes overwhelmed and ceases to function.

This year saw a record-breaking DDoS attack, which peaked at 71 million requests per second – no doubt a sign of things to come.

Limiting exposure to hacktivism

Hacktivist attacks are ideological in their nature, so for some businesses – particularly those operating in the public sector – exposure will be inevitable. Some businesses will find themselves in the crosshairs of hacktivists purely for existing, even if there is little to steal or no financial incentive.

The partners, suppliers and customers of targeted companies can also get caught in the crossfire, meaning nowhere is safe. Being impacted by a hacktivist-led cyber attack is not necessarily a matter of if, but when.

However, there are some essential steps that businesses in both the private and public sectors can take, if not to limit their exposure to attacks, then to limit their exposure to the risk that comes with being swept up in an attack.

Robust data backups, for instance, will limit the power of any ransomware attack on a business, and make the tampering or deletion of data by hacktivists easier to deal with.

Cyber awareness training for staff will also mitigate the effectiveness of lookalike domains or phishing tactics, along with zero-phishing technology that can detect zero-day phishing attempts – so called because they exploit known vulnerabilities within a system which the developers or vendors have “zero days” to fix.

What next for hacktivism?

The future of hacktivism is poised to be multifaceted, with a blend of state-affiliated operations and grassroots movements. State-affiliated hacktivism is now an established threat, which means tactics are likely to evolve and become more sophisticated thanks to external funding.

Hacktivist groups, particularly those with transparent state affiliations, are likely to leverage larger and more powerful botnets to execute disruptive DDoS attacks on a scale previously unseen. The record-breaking DDoS attack, peaking at more than 71 million requests per second, is a testament to this escalating trajectory.

There has also been some evidence of collaboration between groups with differing narratives, such as the pro-Islamic “Anonymous Sudan” and the pro-Russian “Killnet”, which hints at a future where hacktivist groups might form alliances for mutual benefit, irrespective of their core ideologies.

This convergence might lead to more coordinated and impactful attack campaigns. Increasingly, these groups are also masking hidden agendas behind politically motivated attacks, with hacktivist threat actors using ransomware campaigns as a revenue stream to fund other activities.

However, it is not just about state actors. Grassroots hacktivism, driven by social, environmental, or regional political causes, will continue to play a significant role.

As global issues like climate change and human rights gain more attention, we can expect a resurgence of decentralised hacktivist movements. These groups, while not as resource-rich as their state-backed counterparts, can still cause significant disruption, especially when they rally the global online community around a cause.

We are also seeing a greater influence from technology, with deepfakes becoming a regular tool in the hacktivist arsenal.

Deepfakes have been used to impersonate people of power and create propaganda in times of conflict, as seen with Ukrainian president Volodymyr Zelensky. These tools can be purchased with ease and used as part of social engineering attacks to access sensitive data.

In essence, as we move into 2024 and beyond, the lines between state-sponsored cyber operations and traditional hacktivism will blur. Organisations worldwide will need to be prepared for a diverse range of cyber threats, each with their own unique motivations and tactics.