FBI warns of politically motivated hacktivist activity, DDoS attacks in alert

With the Nov. 8 general election nearing, the FBI issued a private industry notification on Friday warning of hacktivism activity and encouraged organizations to implement recommendations on mitigating distributed denial of service attacks.

Pro-Russian hacktivist groups are using DDoS attacks to target critical infrastructure companies with limited success by providing the tools and guidance to anyone willing to conduct attacks on behalf of their cause, the FBI said in the alert. 

While the attacks are described as opportunistic in nature and have minimal operational impacts on victims, the hacktivists will often publicize and exaggerate the severity of the DDoS attacks of public-facing websites, along with social media profile defacement. 

The FBI said high-profile targets include financial institutions, health and medical facilities, emergency services, airports and government facilities. 

Coincidentally on Friday, Microsoft released its Digital Defense Report 2022, which showed the number of nation-state attacks on critical infrastructure increased from 20% of all such attacks Microsoft detected to 40%. The Redmond, Washington-software giant also pointed to the Russia-Ukraine conflict with the rise in attacks on critical infrastructure.

As noted by Kaspersky’s Securelist blog on Monday, DDoS attacks were, more often than not, politically motivated in Q3 2022. The pro-Russian group Killnet took responsibility for attacks in Estonia, Lithuania, Japan and the U.S., including the U.S. Electronic Federal Tax Payment System and attacks that took down airport websites. In turn, pro-Ukrainian hacktivists targeted Russian resources and media outlets.

Other politically motivated DDoS attacks struck elsewhere, such as Taiwan in response to the visit by a sitting U.S. Speaker of the House Nancy Pelosi, Israel, Kazakhstan, Eastern Europe, and elsewhere. 

The FBI says critical infrastructure organizations should enroll in denial-of-service protections services, partner with ISPs, create recovery plans and monitor network assets for suspicious activity that could indicate a secondary attack.