The Lord of the Hacktivist Rings

Cyber attacks against websites have been around for about a decade. Considering this, an important question to ask is: what makes one company considered high risk, and what puts them into what we call ‘The Ring of Fire?’ The Cyber Attack Ring of Fire maps out vertical markets based on the likelihood that organizations in these sectors will experience attacks. It reflects five risk levels, with organizations closer to the red center more likely to experience DoS/DDoS and other forms of cyber attacks with greater frequency.

The recent Ashley Madison attack is a prime example of a company that would be listed in the “high-risk” section within the Ring of Fire (See Graphic Below) legend. The company dealt with an attack that was so severe, it ultimately lead to reports of suicides upon release of the information. Even so, the Ashley Madison attack was NOT different than your run-of-the-mill hacktivist cyber attacks which distinguish themselves as having a motive other than for financial reasons. Think of them as digital versions of protests or ideological fights.

Cyber attack ring-of-fire


If recent cyber attacks have any uniqueness to them, it is that they have built upon the lessons of previous attacks and have become somewhat more calculating and laser-guided with their cyber-ordnance. Along these lines, heinous hacks are here to stay and there are strong, immediate calls-to-action for those operating in the Ring Of Fire to prepare and defend themselves. Those behind large-scale attacks include people who have been scorned, ideologues who now have a new form of communication, and protestors of all sorts. These individuals and groups have a new, modern avenue to pursue, and they are likely to use it to express their displeasure about other issues in the future.

Having said that, why are companies in these rings suddenly at increased risk of attack? Why do their profiles differ from other companies? Should there really be such a difference in risk? Let’s take a look at why these companies are affected by cyber attacks now more than ever:

What attributes increase the chances that a company will be cyber attacked?

  • Availability. Does a second of outage mean something to your business? Online businesses that require high-availability are increasingly attractive targets.

The more companies conduct business online, the more disruptive a cyber attack, such as a DDoS, can be. This is particularly relevant to ecommerce sites, but certainly not limited to them. Similar to Ferguson protestors, hacktivists behind recent, major attacks were mainly gunning for attention, and attention they got. One such example is Lizard Squad’s DDoS attack on both XBOX and PlayStation during the console gaming industry’s most important selling time of the year – the week between Christmas and New Year’s Day. Now, such as the Ashley Madison attack illustrates, the intent may to be shut down or shut up a business’ message or operations altogether.

As more and more companies increasingly put their operations fully online and in mobile, the Internet becomes an even more attractive place to conduct a protest (or a believed ‘anonymous’ attack). Holding ill-verbed signage in front of business doors does not grab the attention or win the will of predisposed audiences as it once did. However, removing messaging and taking down important websites or businesses yields highly desirable results.

  • Aggressive or ideological business models. Does your business generally produce a percentage of dissatisfied or distraught customers? Do you run a business in an area that is morally objectionable to some? Are you affiliated with political movements or ideological pursuits? Do you compete intensely for customers or on slim margins? Is your business model incredibly disruptive to large populations of employed people? If so, you are at a much higher risk for cyber attack than more mundane businesses or ones with virtuous pursuits.

Even though this category is self-explanatory, it goes to point out that nearly every major Western election, as well as many others worldwide, have experienced a cyber attack within the last three years. Some were heinous and prevented proper tabulations and victor timing. To plan an election without cyber defenses is to be remiss these days. Moreover, it is now obvious from influential companies like Uber, to Planned Parenthood and everything in-between, how easy it is for a company with a distinct message to invite a cyber attack.

What trends are increasing the chances that your company will be cyber attacked?
Imbalanced applications or business models.
Generally it’s great for an attacker to have an imbalance between a technical request and a technical reply. In other words, if you search a website for all PDF files it contains, the request for this information is low, but the reply is potentially huge. This idea pervades the DNS service provider space and other techniques such as NTP and Brute Force attacks.

Use of cloud technologies (Software, Platform, Infrastructure, etc)
Denial of service attacks are not particularly complicated to pull off, technologically, but you often need a number of attractive attributes to come together to make them work properly. Some examples of this include:

  • The ability to anonymize yourself
  • The ability to make an attack hard to mitigate
  • Complicating the detection algorithms
  • Complicating the effectiveness of mitigation techniques.

The use and expansion of cloud technologies dramatically complicate the protection of cyber attacks and make it easier for hackers to go on the offensive and improve chances of being effective.

IoT – Internet of Things (i.e. wearables, driveables, mobile, etc.)
Traditional hackers use computers they’ve infected without the owners’ consent. Future attacks will involve ‘things’- Internet connected and often ill-secured microcomputers that will be conscripted odiously into a ‘bot army’ and participate in magnifying volume-based attacks. In addition to being simple to conscript into a botted army, these ‘things’ will have several nefarious benefits, including usurping most modern day HTTP security protocols.

How companies can protect themselves
Whether you believe it— or not, see it— or not, understand it— or not, each of these trends have the ability to change the information security landscape immeasurably going forward. If all three trends come to pass, the resulting changes will serve to have today’s CISO’s job and responsibilities look like a horse & buggy manufacturer. The best among us will know when to “fold’em and when to hold’em” and it is my highest recommendation to begin the following:

  • Begin a process of decaying endpoint protection investments. Instead, move to a collection of collectors, detectors, command and control applications, and strong mitigation technologies.
  • Start new ‘entryway’ security investments – – consider new ‘fingerprinting’ ideas that are agnostic to IP and technologies that enrich your visibility.
  • Become obsessive about application security.
  • Availability will be challenged, as access will come from disparate devices and technologies (IoT).
  • Prepare for large volume attacks: Cyber-attacks will conscript consumer (not just phones) and industrial devices in attacks against you.
  • SDN Security – – Are you ready? Start a personal and professional project as SDN is here – are attacks far behind?
  • Pick your security vendors wisely: Those with no SDN strategy will leave you high-and-dry.

I wish you luck with your thoughts and pursuits and look forward to the exciting times of change and challenge before us.

More about

Don't miss