Hacktivists Have the Upper Hand in an Environment Where Most Attacks Go Unreported
August 31, 2012 Leave a comment
- Anonymous’ attack on UK government sites in protest of efforts to extradite WikiLeaks’ Julian Assange to Sweden mirror the continued trend of dogmatically driven cyber attacks.
- Troubling statistics point to real reticence on the part of the attacked organizations to prosecute breaches, with DDoS vendor Arbor Networks publishing figures which reveal that just 26% of all distributed denial of service attacks are actually reported.
The summer of 2012 has been a season of ‘hacktivist’ discontent. A spate of recent politically motivated cyber attacks against governments, including Mexico and the United Kingdom, underscore the fact that profit is no longer the primary driver for IT-related breaches. A number of breach investigation reports from the last two years highlight the rising tide of hacktivist-sponsored attacks (see: ‘Hacktivism’ Changes the Threat Landscape, Again, February 10, 2012), a trend which clearly continues as hackers employ even more sophisticated application-layer tactics to attack the organizations they oppose on political, legal, or philosophical grounds.
DDoS attacks are proving to be the weapon of choice for many of these organizations, with hacktivists now the largest purveyors of these denial of service attacks. Forewarned may indeed be forearmed as organizations that are aware in advance of what to look for have a far greater opportunity of mounting an effective defense against these attacks. However, there are still far too few prosecutions associated with hacktivist and other cyber attacks.
One reason is that too few public and private sector organizations actually report the incidents to law enforcement. Arbor Networks estimates that 74% of those attacked do not seek help from law enforcement. For reasons ranging from corporate policy and concern about reputation to a lack of confidence in the investigating authority, most organizations tend to prefer to move on without much of an attempt to disarm their attackers.
Though there are notable exceptions, such as the arrests of members of the LulzSec hacking group for attacks on Sony Pictures Europe, too many organizations are choosing to leave their attackers to their own devices. Though it is understandable to want to avoid a long investigation, letting attackers roam free is a dangerous proposition. What is your organization’s policy? Have you revisited it in the face of recent incidents? Are you concerned that law enforcement is not equipped to handle what could be complex investigations?