Moreover, according to Professor Stuart Masnick of MIT, DDoS and other types of attacks used in hacktivism (most notably wiper attacks, where compromised systems are simply cleansed of all their data) are a “blunt weapon.” They are often hard to track even with access to technical details about a given attack. “If you launch a missile, with the technologies and satellites we have today, we can pretty well tell where the missile was launched from,” said Masnick. “If you launch a cyberattack, if you do a little bit of homework … no one knows where it came from.”

In one case, Masnick recalled, a Russian cyber group compromised an Iranian facility and launched a cyberattack from there, meaning that the evidence pointed back to the Iranian government, not Russia. “If you think you know who the attack came from, most likely you’re wrong,” he said. “Because a really good attacker will leave all the evidence pointing in a different direction.”

For the rank-and-file of businesses, staying secure means understanding their risk levels and maintaining a defense-in-depth. “Because hacktivism has its roots in not just protecting yourself from a [cybersecurity] perspective, but from a geopolitical perspective as well, the first thing just to be aware that someone is upset at you,” said Dickson, noting that larger organizations, and those more intimately involved with national infrastructure, are more likely targets.

Defense in depth key to limiting damage from hacktivism attacks

Masnick said that many of the most damaging cyberattacks in recent years have been as severe as they were because of poor security architecture and misconfiguration – not necessarily due to the skill of the attackers. Defense in depth, ensuring that all systems are hardened against attack, is key to limiting the damage from one system being compromised.

“We’ve done a number of studies of relatively sizeable cyberattacks,” he said. “And the thing we found is that … in most cases, there’s over a dozen things wrong,” not just one or two.