Ideologically motivated threat actors refer to organizations, individuals or groups whose actions are driven by ideological reasons and ambitions. These are often politically, religious or socially motivated and can even be driven by personal agendas. Quoting the report, hacktivism can be described as “a sort of digital and civil disobedience that is realized by using technology to convey some type of political message that can refer to, for example, censorship or human rights. It can include encouraging others to carry out cyberattacks for a specific purpose.

Distributed Denial of Service (DDoS) attacks are a common type of cyberattack used in this context. By carrying out a DDoS attack, the attacker attempts to disrupt the normal traffic of a targeted network or application, by overwhelming it with a flood of internet traffic. As it is being flooded with more traffic than the server or network can accommodate, the targeted website goes down, restricting legit users to access the site. If the website is down for a significant amount of time, it can result in serious business disruptions, reputational damage and financial losses for the victim.

An example of such an attack was the DDoS attack on the U.K.’s Labour party during the election in 2019. The political hacktivist group behind the attack threatened to launch more attacks targeted at the government’s website if the party won the election. At Baffin Bay Networks, we can observe similar behaviour against political organizations in Sweden as well — based on threat data from our sensor network and the mitigation history of our customers.

However, not just government agencies are a target for these types of attacks as there are numerous examples where corporations have been targeted. Hacktivists often attack companies who appear to engage in activities that are conflicting with the group’s ideology or principles, such as the attack on Visa for refusing to process donations made for Julian Assange, the founder of WikiLeaks. There have also been examples of attacks on corporations who hacktivists believe are engaging in unethical activities and even instances where companies are attacking their rivals or where former employees or dissatisfied customers are looking for revenge.

The trend is clear today. Hacktivists don’t necessarily need to be technologically savvy to carry out this type of attack, as there are hackers who are selling DDoS attack services online. What used to be confined to the dark web is now openly advertised and sold on common social media platforms such as YouTube and Reddit.

How can I protect my organization?

As the Swedish Ministry of Justice and Ministry of Defence states their concern for Swedish organizations being targeted for these types of attacks, there are luckily efficient ways to protect your Internet-based assets. With a threat protection that applies a layered approach, you can be sure to mitigate all kinds of Internet attacks before they can do any damage to your digital assets. Baffin Bay Networks’ Threat Protection Service runs all your company’s incoming traffic through our scrubbing centers, sorts out any malicious traffic and then forwards only clean and legit traffic to your website, application or web server. With this approach, you’ll always be one step ahead of hacktivists and bad actors will never get anywhere near your protected service. Do you want to try the protection for your own company? Request a demo free of charge today.

Reference: https://www.sakerhetspolisen.se/download/18.f2735ce171767402ba202/1591164566288/Rapport-Cybersakerhet-Hot-Metoder-Brister.pdf

Baffin Bay Networks