Meet the Threats: Heather the Hacktivist
Many organizations rely on personas to better understand their customers. At Cisco, we’ve gone beyond creating customer personas: we’ve also created them for the threat actors we face, to help us build stronger security products. We’ve spent years studying the bad guys to best understand how to combat them. In this series of blog posts, I will outline our threat actor personas, including what motivates them, their attack vectors, and how to defend against them.
So far in this series, I have introduced you to Iggy the Insider Threat, Anna the APT, and Oleg the Organized Criminal. In this final installment, I am going to discuss Heather the Hacktivist, who uses cyber-attacks to further her political causes.
Introducing Heather the Hacktivist
Examples: Edward Snowden, Anonymous, LulzSec
“I hack, deface, and deny service to those who have done wrong and those who are evil or unjust. I hide in between the networks and am often impossible to find. Your secrets are not safe with me. I am but one, and we are all alike.”
Motivations and Goals
I do not hack for financial profit. Instead, I hack to promote my political and societal agenda. To achieve that end, I will go after targets that are in my way or who I perceive to be unjust. These targets may include individuals, corporations, governments and their agencies, political systems or parties, and criminal undergrounds.
My goals often center on attacking people and organizations who I believe are guilty of wrongdoing. This may range from exposing criminals and disabling terrorist social media accounts to leaking sensitive documents from government agencies or private organizations. In addition, I may disrupt services or deface websites associated with target organizations.
While I may not be the biggest threat on my own, there are thousands more like me. With help from my determination and ideals, I can find like-minded people and rally them to my cause. Our strength lies in our numbers.
Hacktivists may use a wide variety of tactics against their targets. Distributed denial-of-service (DDoS) attacks are common because they have a low barrier to entry and are effective at disrupting services. Hacktivists will also use more advanced tactics, such as social engineering or spear-phishing, to infiltrate networks. Once inside, the hacktivist may sabotage systems or steal sensitive data to release publicly.
In addition, hacktivists may doxx their targets (hacker lingo for publishing private or identifying information associated with an anonymous Internet account) or deface public-facing websites to shame or expose them.
How to Combat Heather
Since DDoS attacks are a common tactic of hacktivists, DDoS mitigation techniques such as scrubbing services can help prevent attackers from bringing your website and services offline. You’ll also want a way to quickly detect and monitor DDoS attacks.
Educating employees on good password practices and security procedures can help prevent hacktivists from gaining network access. Don’t forget to teach them how to recognize and avoid falling victim to social engineering techniques such as phishing.
Lastly, detecting and quarantining devices and appliances that are compromised or are exfiltrating data is essential to stopping hacktivists from stealing your sensitive data.
Stealthwatch can help you detect DDoS attacks and monitor them as they develop. There are many different ways to conduct DDoS attacks, and Stealthwatch has built-in algorithms that can detect a variety of events associated with DDoS attacks.
Additionally, Stealthwatch users should monitor for unusual traffic between the network and the Internet. For instance, unusually large transactions with external hosts could signify data exfiltration. Traffic between the network and suspect countries may also be indicative of an attack. For example, if your organization does no business in Eastern Europe, then large amounts of traffic to that region are suspicious.
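The two exfiltration signals described above, unusually large transfers to an external host and traffic to countries where the organization does no business, can be checked directly against flow records. The script below is an added illustration, not Stealthwatch code or Cisco's detection logic; the flow records, GeoIP table, per-host baselines, business-country list and thresholds are all constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Hypothetical policy: countries the organization does business with,
# and the address space considered internal.
BUSINESS_COUNTRIES = {"US", "CA", "DE"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed stand-ins for a GeoIP lookup and for each host's normal
# daily outbound volume (bytes), as a flow collector would learn over time.
GEOIP = {"203.0.113.10": "US", "198.51.100.7": "RO", "192.0.2.5": "DE"}
BASELINE_BYTES_PER_DAY = {"10.1.2.3": 2_000_000, "10.1.2.9": 50_000_000, "10.1.5.4": 500_000}

# Constructed flow records for one day: (src, dst, bytes sent by src).
FLOWS = [
    ("10.1.2.3", "203.0.113.10", 900_000),
    ("10.1.2.3", "203.0.113.10", 800_000),
    ("10.1.2.9", "192.0.2.5", 4_800_000_000),   # 4.8 GB to a single external host
    ("10.1.5.4", "198.51.100.7", 6_000),        # tiny, but to a non-business country
    ("203.0.113.10", "10.1.2.3", 30_000_000),   # inbound, ignored by these checks
]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def find_exfil_signals(flows, baseline, ratio=10, floor=100_000_000):
    """Aggregate internal->external flows per (src, dst) pair and return
    (signal, src, dst, detail) tuples. 'geo' flags any traffic to a country
    outside BUSINESS_COUNTRIES; 'volume' flags a pair whose total exceeds
    both the absolute floor and ratio x the source host's daily baseline."""
    totals = defaultdict(int)
    for src, dst, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            totals[(src, dst)] += nbytes
    findings = []
    for (src, dst), total in sorted(totals.items()):
        country = GEOIP.get(dst, "unknown")
        if country not in BUSINESS_COUNTRIES:
            findings.append(("geo", src, dst, country))
        if total >= max(floor, ratio * baseline.get(src, 0)):
            findings.append(("volume", src, dst, total))
    return findings

if __name__ == "__main__":
    for signal, src, dst, detail in find_exfil_signals(FLOWS, BASELINE_BYTES_PER_DAY):
        print(f"{signal:6} {src} -> {dst}: {detail}")
```

The per-host baseline keeps a busy file server from tripping the volume check on normal traffic while a workstation moving gigabytes still stands out; the geo check fires on volume alone being small, since a few kilobytes to an unexpected region can be a beacon rather than a bulk transfer.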
Lastly, watch for signs of web-based attacks such as SQL injections as these methods are commonly used to obtain sensitive information.
That’s it for now folks. While there are certainly other types of threats out there, insider threats, APTs, organized criminals, and hacktivists cover the majority of them. For more information on how Stealthwatch can help protect your network from cyber-threats, click here.