The phenomenon of internationally-coordinated and politically-motivated cyber attacks has dramatically declined in the last three years, according to a new study.
Analysts at Recorded Future found that the number of active hacktivist groups has more than halved since 2016, falling from 27 to just eight last year.
The study, which analysed mentions of hacktivism on underground forums, technical blogs and news reports, corroborates other recent research into the field. Earlier this year, IBM reported a 95 per cent drop in the number of hacktivist attacks since 2015.
As the number of operations has decreased, the breadth of operations has also shrunk. Winnona deSombre, a threat analyst at Recorded Future, told NS Tech: “While most individuals consider hacktivism as loose groups of individuals all over the world […] in reality what hacktivism is, is specific regional groups carrying out cyber operations based off protests to specific regional events.”
Even when hacktivists do coordinate operations across several nations, they usually do so in similar geographies, the research revealed. One of the most prolific examples of this trend was the rise of coordinated attacks targeting Israel, conducted by hackers in other Middle Eastern countries during the Arab Winter.
The best known exception to the rule is Anonymous – a collective of hackers distributed internationally who have taken credit for a number of high-profile attacks. But the researchers found that regional Anonymous groups were only tenuously linked and that many had been driven apart by political differences.
“[In 2014], there was a splintering of Anonymous organizations, with other Anonymous factions seemingly “at war” with the Syrian Electronic Army and affiliated groups, illustrating the factional quality of a nebulous organization such as Anonymous and similar hacktivist organizations,” the researchers wrote.
IBM’s research attributed the decline in the number of attacks to two factors. The first was the drop-off in the number carried out under Anonymous’s banner. Only one attack was recorded in 2018. The second factor is a rise in law enforcement activity involving hacktivists, not just in terms of arrests but also legal warnings against proposed attacks that never materialised.
deSombre also suggested that businesses had taken steps to protect themselves from basic attacks: “In 2014/15 you could see quite a few of these attacks occurring especially by lower level actors. The fact that there are more organisations which take their security seriously means they are in some regards making it harder for lower-level activists to breach networks. You’re now seeing a higher barrier to entry.”