Salesforce grabs Vlocity for $1.33B, a startup with $1B valuation

It’s been a big news day for Salesforce . It announced that co-CEO Keith Block would be stepping down, and that it had acquired Vlocity for $1.33 billion in an all-cash deal.

It’s no coincidence that Salesforce targeted this startup. It’s a firm that builds six industry-specific CRMs on top of Salesforce — communications, media and entertainment, insurance and financial services, health, energy and utilities and government and nonprofits — and Salesforce Ventures was also an investor. This would appear to have been a deal waiting to happen.

Brent Leary, founder and principal analyst at CRM Essentials, says Salesforce saw this as an important target to keep building the business. “Salesforce has been beefing up their abilities to provide industry-specific solutions by cultivating strategic ISV partnerships with companies like Vlocity and Veeva (which is focused on life sciences). But this move signals the importance of making these industry capabilities even more a part of the platform offerings,” Leary told TechCrunch.

Ray Wang, founder and principal analyst at Constellation Research, also liked the deal for Salesforce. “It’s a great deal. Vlocity gives them the industries platform they need. More importantly, it keeps Google from buying them and [could generate] $10 billion in additional industries revenue growth over next four years,” he said.

Vlocity had raised about $163 million on a valuation of around $1 billion as of its most recent round, a $60 million Series C last March. If $1.33 billion seems a little light, given what Vlocity is providing the company, Wang says it’s because Vlocity needed Salesforce more than the other way around.

“Vlocity on its own doesn’t have as big a future without Salesforce. They have to be together. So Salesforce doesn’t need to buy them. They could keep building out, but it’s better for them to buy them now,” Wang said.

Still, the company was valued at $1 billion just under a year ago, and sold for $1.33 billion after raising $163 million. That means it received 8.2x total invested capital ($1.33 billion/ $163 million invested capital), which isn’t a bad return.

In a blog post on the Vlocity website, founder and CEO David Schmaier put a positive spin on the deal. “Upon the close of the transaction, Vlocity — this wonderful company that we, as a team, have created, built, and grown into a transformational solution for six of the most important industries in the enterprise — will become part of Salesforce,” he wrote.

Per usual, the deal will be predicated on regulatory approval and close some time during Salesforce’s second quarter in fiscal 2021.

Stonly grabs $3.5 million to make customer support more interactive

Stonly is building a service for customer support teams so that they can share step-by-step guides to solve the most common issues users have. The startup just raised a $3.5 million funding round led by Accel with business angels also participating, such as Eventbrite CTO Renaud Visage and PeopleDoc founders Jonathan Benhamou and Clément Buyse.

The startup isn’t building a chatbot for customer support — chatbots usually don’t understand what you mean and you end up contacting customer support anyway. Stonly believes that scripted guides with multiple questions work much better than both chatbots and intimidating knowledge bases.

But the company is well aware that it isn’t going to replace Zendesk or Intercom overnight. That’s why a Stonly guide is a module that you can embed in your existing tools. The startup currently supports Intercom, Zendesk, Freshdesk and Front.

This way, if somebody contacts you on Front or Intercom, you can reply with a Stonly guide to help your users solve their own issues (at least if it’s a common issue). Stonly is also launching its own more traditional knowledge base powered by Stonly guides so that your client can access common questions through a chat widget.

Putting together a Stonly guide doesn’t require any technical skills. After defining the steps, you can write text, add images, videos and buttons in a web interface. Stonly also supports translations.

And it’s been working well for the startup’s first clients. For instance, Dashlane noticed a 25% decrease in opened tickets for their most frequent issues after using Stonly. Other clients include Devialet, Happn and Calendly.

With today’s funding round, the startup is expanding to the U.S. with a new office in New York and David Rostan, VP of Sales and Marketing at Calendly, is joining as head of revenue.

Twilio 2010 board deck gives peek at now-public company’s early days

Twilio is best known for its communications API, which allows developers to add messaging, voice or video to their apps with just a small slice of code. The company’s tools are used by customers like Lyft, Airbnb, Salesforce, Box and Duke University.

The former startup went public in 2016 at $15 a share. Yesterday Twilio’s stock closed at $113.90, giving the company a market cap of about $15.6 billion (after a horrendous week on Wall Street). It’s easy to look at its value (among other measures) and declare Twilio a successful public company. But just like every former startup out there, its ascent wasn’t always so certain.

Founded in 2008, Twilio was once a tentative early-stage company feeling its way forward in the market with an unproven product and more future potential than actual results. Recently, the company’s CEO Jeff Lawson shared a Twilio board deck from March 2010.

Naturally, we read through it — how could we not? — but we also decided to analyze it for you, pulling out what we learned and using the snapshot of Twilio’s history to illustrate how far the company has come in the last decade.

The presentation’s original time stamp lands after Twilio’s Series A and just before its Series B, allowing us to see a company molting from a hatchling to something more sturdy that could stand on its own two feet. The company raised $12 million six months after the deck was presented.

To get everyone on the same page, we’ll start with a little history, and then get into the deck itself. Let’s go!

Where Twilio came from

Freshworks acquires AnsweriQ

Customer engagement platform Freshworks today announced that it has acquired AnsweriQ, a startup that provides AI tools for self-service solutions and agent-assisted use cases where the ultimate goal is to quickly provide customers with answers and make agents more efficient.

The companies did not disclose the acquisition price. AnsweriQ last raised a funding round in 2017, when it received $5 million in a Series A round from Madrona Venture Group.

Freshworks founder and CEO Girish Mathrubootham tells me that he was introduced to the company through a friend, but that he had also previously come across AnsweriQ as a player in the customer service automation space for large clients in high-volume call centers.

“We really liked the team and the product and their ability to go up-market and win larger deals,” Mathrubootham said. “In terms of using the AI/ML customer service, the technology that they’ve built was perfectly complementary to everything else that we were building.”

He also noted the client base, which doesn’t overlap with Freshworks’, and the talent at AnsweriQ, including the leadership team, made this a no-brainer.

AnsweriQ, which has customers that use Freshworks and competing products, will continue to operate its existing products for the time being. Over time, Freshworks, of course, hopes to convert many of these users into Freshworks users as well. The company also plans to integrate AnsweriQ’s technology into its Freddy AI engine. The exact branding for these new capabilities remains unclear, but Mathrubootham suggested FreshiQ as an option.

As for the AnsweriQ leadership team, CEO Pradeep Rathinam will be joining Freshworks as chief customer officer.

Rathinam told me that the company was at the point where he was looking to raise the next round of funding. “As we were going to raise the next round of funding, our choices were to go out and raise the next round and go down this path, or look for a complementary platform on which we can vet our products and then get faster customer acquisition and really scale this to hundreds or thousands of customers,” he said.

He also noted that as a pure AI player, AnsweriQ had to deal with lots of complex data privacy and residency issues, so a more comprehensive platform like Freshworks made a lot of sense.

Freshworks has always been relatively acquisitive. Last year, the company acquired the customer success service Natero, for example. With the $150 million Series H round it announced last November, the company now also has the cash on hand to acquire even more customers. Freshworks is currently valued at about $3.5 billion and has 2,7000 employees in 13 offices. With the acquisition of AnsweriQ, it now also has a foothold in Seattle, which it plans to use to attract local talent to the company.

As Block exits, Salesforce forecasts it will surpass $20B in revenue in FY2021

When Keith Block joined Salesforce from Oracle in 2013, the CRM giant was already a successful SaaS vendor on a billion dollar quarterly revenue cadence. When the co-CEO announced he was stepping down yesterday, the company reported revenue of $4.9 billion for the quarter.

During his tenure, the company’s revenue more than quadrupled, earning an impressive $17.1 billion last year, and as Block announced at the earnings call, the company he was leaving was forecasting revenue of $21 billion for FY2021.

Consider that it was not that long ago in May 2017 that we wrote about the company reaching the $10 billion mark. It’s perilously easy to get lost in these numbers, to take them for granted and think they don’t mean as much as they do. It’s hard work to build a billion SaaS business, never mind $10 billion or $20 billion.

Yet Salesforce is embarking on unchartered territory for a SaaS company. It’s approaching $20 billion in revenue for a single year.

Growth through acquisition

Granted the company keeps growing revenue by making big deals like buying Mulesoft for $6.5 billion in 2018 or Tableau for $15.7 billion in 2019, or just this week buying Vlocity for a mere $1.33 billion. That means the company spent more than $25 billion over a couple of years to buy substantial companies that help them build their business.

Block took a moment to brag a bit about his accomplishments including how some of those purchases performed during his swan song call with Salesforce, calling it a capstone of his time at Salesforce.

“In Q4, we grew 32% in the Americas, 28% in APAC and 47% in EMEA in constant currency. Now that includes our recent acquisitions. And at the close of FY 2020, the number of Salesforce customers spending $20 million annually grew 34%,” he said.

Think about that last number for just a minute. This a SaaS vendor with the number of customers spending $20 million growing by 34%. Block helped orchestrate that growth and worked with the executive team to help determine which companies it should be targeting.

At a press conference in 2016 at Dreamforce, he discussed Salesforce’s acquisition strategy. At the time, it had bought a 10 of 12 companies it would end up acquiring that year. It would buy only one in 2017, before revving up again 2018. Here’s what he said about what they look for in a company, as we reported in an article at the time:

“We look at culture. Will it be a good cultural fit? Is it a good product fit? Is there talent? Is there financial value? What are the risks of assimilating the company into our company,” Block explained.

What’s next for Block?

There is no word on what Block will do next beyond acting as an advisor to his former co-CEO Marc Benioff, who took time in the earnings call to thank his colleague for his time at Salesforce. As well, he should.

As Ray Wang, founder and principal analyst point out, Block leaves a big hole as he steps away. “If there is no equivalent replacement, you will see a significant impact in sales. Keith brought industries and sales discipline,” Wang told TechCrunch

It will be interesting to watch what he does next, and who, if anyone, will benefit from his vast experience helping to build the most successful pure SaaS company on the planet.

Zyxel 0day Affects its Firewall Products, Too

On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its firewall products.

This week’s story on the Zyxel patch was prompted by the discovery that exploit code for attacking the flaw was being sold in the cybercrime underground for $20,000. Alex Holden, the security expert who first spotted the code for sale, said at the time the vulnerability was so “stupid” and easy to exploit that he wouldn’t be surprised to find other Zyxel products were similarly affected.

Now it appears Holden’s hunch was dead-on.

“We’ve now completed the investigation of all Zyxel products and found that firewall products running specific firmware versions are also vulnerable,” Zyxel wrote in an email to KrebsOnSecurity. “Hotfixes have been released immediately, and the standard firmware patches will be released in March.”

The updated security advisory from Zyxel states the exploit works against its UTM, ATP, and VPN firewalls running firmware version ZLD V4.35 Patch 0 through ZLD V4.35 Patch 2, and that those with firmware versions before ZLD V4.35 Patch 0 are not affected.

Zyxel’s new advisory suggests that some affected firewall product won’t be getting hotfixes or patches for this flaw, noting that the affected products listed in the advisory are only those which are “within their warranty support period.”

Indeed, while the exploit also works against more than a dozen of Zyxel’s NAS product lines, the company only released updates for NAS products that were newer than 2016. Its advice for those still using those unsupported NAS devices? “Do not leave the product directly exposed to the internet. If possible, connect it to a security router or firewall for additional protection.”

Hopefully, your vulnerable, unsupported Zyxel NAS isn’t being protected by a vulnerable, unsupported Zyxel firewall product.

CERT’s advisory on the flaw rate this vulnerability at a “10” — its most severe. My advice? If you can’t patch it, pitch it. The zero-day sales thread first flagged by Holden also hinted at the presence of post-authentication exploits in many Zyxel products, but the company did not address those claims in its security advisories.

Recent activity suggests that attackers known for deploying ransomware have been actively working to test the zero-day for use against targets. Holden said the exploit is now being used by a group of bad guys who are seeking to fold the exploit into Emotet, a powerful malware tool typically disseminated via spam that is frequently used to seed a target with malcode which holds the victim’s files for ransom.

“To me, a 0day exploit in Zyxel is not as scary as who bought it,” he said. “The Emotet guys have been historically targeting PCs, laptops and servers, but their venture now into IoT devices is very disturbing.”

CircleCI-AWS GovCloud partnership aims to bring modern development to US government

Much like private businesses, the United States government is in the process of moving workloads to the cloud, and facing a similar set of challenges. Today, CircleCI, the continuous delivery developer service, announced a partnership with AWS GovCloud to help federal government entities using AWS’s government platform to modernize their applications development workflows.

“What this means is that it allows us to run our server offering, which is our on-prem offering, and our government customers can run that on dedicated pure cloud resource [on AWS GovCloud],” CircleCI CEO Jim Rose told TechCrunch.

GovCloud is a dedicated, single tenant cloud platform that lets government entities build FedRAMP-compliant secure cloud solutions (other cloud vendors have similar offerings). FedRAMP is a set of government cloud security standards every cloud vendor has to meet to work with the federal government

CircleCI builds modern continuous delivery/continuous integration (CI/CD) pipelines for development teams pushing changes to the application in a rapid change cycle.

“What GovCloud allows us to do is now provide that same level of security and service for government customers that wanted us to do so in an on prem environment in a dedicated single tenant environment [in the cloud],” Rose explained.

While there are a number of steps involved in building cloud applications, Rose said they are sticking to their core strength around building continuous delivery pipelines. As he says, if you have a legacy mainframe application that changes once every year or two, using CircleCI wouldn’t make sense, but as you begin to modernize, that’s where his company could help.

“[CircleCi comes into play] when you get into more modern cloud applications that are changing in some cases hundreds of times a day, and the sources of change for those applications is getting really diverse and managing that is becoming more complex,” Rose said.

This partnership could involve working directly with an agency, as it has done with the Small Business Administration (SBA), or it might involve a systems integrator, or even AWS, inviting them to be part of a larger RFP.

Rose says he realizes that working with the government can sometimes be controversial. Companies from Chef to Salesforce to Google have run afoul with employees who don’t want to work with certain agencies like DoD or ICE. He says his company has tended to focus on areas where agencies are looking to improve citizen interactions and steered away from other areas.

“From our perspective, given that we’re not super involved in a lot of those areas, but we want to get in front of it, both commercially, as well as on the government side, and determine what falls within the fence line and what’s outside of it,” he said.

HP offers its investors billions in shareholder returns to avoid a Xerox tie-up

To ward off a hostile takeover bid by Xerox, which is a much smaller company, HP (not to be confused with Hewlett Packard Enterprise, a separate public company) is promising its investors billions and billions of dollars.

All investors have to do to get the goods is reject the Xerox deal.

In a letter to investors, HP called Xerox’s offer a “flawed value exchange” that would lead to an “irresponsible capital structure” that was being sold on “overstated synergies.” Here’s what HP is promising its owners if they do allow it to stay independent:

  • About $16 billion worth of “capital return” between its fiscal 2020 and fiscal 2022 (HP’s Q1 fiscal 2020 wrapped January 31, 2020, for reference). According to the company, the figure “represents approximately 50% of HP’s current market capitalization.” TechCrunch rates that as true, before the company’s share-price gains posted after this news became known.
  • That capital return would be made up of a few things, including boosting the company’s share repurchase program to $15 billion (up from $5 billion, previously). More specifically, HP intends to “repurchase of at least $8 billion of HP shares over 12 months” after its fiscal 2020 meeting. The company also intends to raise its “target long-term return of capital to 100% of free cash flow generation,” allowing for the share purchases and a rising dividend payout (“HP intends to maintain dividend per share growth at least in line with earnings.”)

If all that read like a foreign language, let’s untangle it a bit. What HP is telling investors is that it intends to use all of the cash it generates to reward their ownership of shares in its business. This will come in the form of buybacks (concentrating future earnings on fewer shares, raising the value of held equity) and dividends (rising payouts to owners as HP itself makes more money), powered in part by cost-cutting (boosting cash generation and profitability).

HP is saying, in effect: Please do not sell us to Xerox; if you do not, we will do all that we can to make you money. 

Shares of HP are up 6% as of the time of writing, raising the value of HP’s consumer-focused spinout to just under $34 billion. We’ll see what investors choose for the company. But now, how did we get here?

The road to today

You may ask yourself, how did we get here (to paraphrase Talking Heads). It all began last Fall when Xerox made it known that it wanted to merge with HP, offering in the range of $27 billion to buy the much larger company. As we wrote at the time:

What’s odd about this particular deal is that HP is the company with a much larger market cap of $29 billion, while Xerox is just a tad over $8 billion. The canary is eating the cat here.

HP never liked the idea of the hostile takeover attempt and the gloves quickly came off as the two companies wrangled publicly with one another, culminating with HP’s board unanimously rejecting Xerox’s offer. It called the financial underpinnings of the deal “highly conditional and uncertain.” HP also was unhappy with the aggressive nature of the offer, writing that Xerox was, “intent on forcing a potential combination on opportunistic terms and without providing adequate information.”

Just one day later, Xerox responded, saying it would take the bid directly to HP shareholders in an attempt to by-pass the board of directors, writing in yet another public letter, “We plan to engage directly with HP shareholders to solicit their support in urging the HP Board to do the right thing and pursue this compelling opportunity.”

In January, the shenanigans continued when Xerox announced it was putting forth a friendly slate of candidates for the HP board to replace the ones that had rejected the earlier Xerox offer. And more recently, in an attempt to convince shareholders to vote in favor of the deal, Xerox sweetened the deal to $34 billion or $24 a share.

Xerox wrote that it had on-going conversations with large HP shareholders, and this might have gotten HP’s attention— hence the most recent offer on its part to make an offer to shareholders that would be hard to refuse. The company’s next shareholder meeting is taking place in April when we will finally find out the final reckoning.

 

Salesforce co-CEO Keith Block steps down

Salesforce today announced that Keith Block, the company’s co-CEO, is stepping down. This leaves company founder Marc Benioff as the sole CEO and chair of the CRM juggernaut. Block’s bio has already been wiped from Salesforce’s leadership page.

Block stepped into the co-CEO role in 2018, after a long career at the company that saw him become vice chairman, president and director before he took this position. Block spent the early years of his career at Oracle . He left there in 2012 after the release of a number of documents in which he criticized then-Oracle CEO Mark Hurd, who passed away last year.

Industry pundits saw his elevation to the co-CEO role as a sign that Block was next in line as the company’s sole CEO in the future (assuming Benioff would ever step down). After this short tenure as co-CEO, it doesn’t look like that will be the case, but for the time being, Block will stay on as an advisor to Benioff.

“It’s been my greatest honor to lead the team with Marc [Benioff] that has more than quadrupled Salesforce from $4 billion of revenue when I joined in 2013 to over $17 billion last year,” said Block in a canned statement that was surely not written by the Salesforce PR team. “We are now a global enterprise company, focused on industries, and have an ecosystem that is the envy of the industry, and I’m so grateful to our employees, customers, and partners. After a fantastic run I am ready for my next chapter and will stay close to the company as an advisor. Being side-by-side with Marc has been amazing and I’m forever grateful for our friendship and proud of the trajectory the company is on.”

In related news, the company also today announced that it has named former BT Group CEO Gavin Patterson as its president and CEO of Salesforce International.

What is Hacktivism? And Why Should Enterprise Care?

Only a few years ago, the antics of hacktivists regularly populated media headlines with grand stunts and ominous threats, defacing websites, knocking global brands offline and leaking data belonging to multinational, multi-billion dollar corporations. Hacktivists styled themselves as “rebels with a cause” while media headlines typically portrayed them as juvenile script kiddies or malcontents with nothing but mischief on their minds. About the only thing both sides largely agreed on was that hacktivists were collectives acting out of some sense – either noble or misguided (delete as appropriate) – of wider purpose or shared ideology, rather than committing cybercrimes merely for the sake of selfish, financial gain like typical cybercriminals

Today, hacktivists and hacktivism rarely make the news headlines at all. So what happened to them? Are they still a threat to organizations or has their time been and gone? In this post, we take a look at hacktivism from its origins to the present day, discuss its motivations and explain why hacktivist groups should still be on your threat assessment radar.

image of what is hacktivism

What is Hacktivism? Who Are These “Hacktivists”?

Merriam-Webster dictionary defines Hacktivism as “computer hacking (as by infiltration and disruption of a network or website) done to further the goals of political or social activism”.

The term “Hacktivism” was coined in the early 90s by the (in)famous hacker collective, Cult of the Dead Cow. As the word suggests, Hacktivism is a means of collective political or social activism manifest through hacking computers and networks. Hacktivism began as a sub-culture of hacking, gaming and web communities, and allowed technically-inclined individuals to use the connectivity and anonymity of the web to join together with others and operate towards common causes. As such, hacktivists were originally mostly young males who enjoyed surfing the web, visiting forums and newsgroups, sharing information on illegal download sites, chatting in “private rooms” and colluding with like-minded drifters of the net.

The net granted them the opportunity to use any alias they wanted, and using that persona they engaged in joint adventures from pursuing pornographic materials, sharing pirated copies of desired software, pranks and sometimes illegal activities – mostly aimed at “The establishment”. Some of the more widely known groups to have caught public attention connected with Hacktivism are Anonymous, Lulzsec, and the Syrian Electronic Army. 

Here we come to the second trait of the hacktivists – the desire to “fight” against a common enemy. When the world became more connected, these individuals realized that they could act (with minimal personal risk) against others. But these activities (which soon became known as “Operations” or “Ops”) required more than a handful of online friends. They required an army. So the final ingredient of hacktivism was born – the “Legion”. The new narrative, created over a period of two decades, was that of an underground, faceless army fighting together as a collective to break the chains of the old world.  

What Do Hacktivists Want?

One of the defining characteristics of a hacktivist group is that they are united around some ideology, principle or cause. These can range from political, religious, regional, personal and even anarchist. Perhaps the first hacktivist ‘op’ occurred back in 1989, when, according to Julian Assange, the US Department of Energy and NASA computers were penetrated by the anti-nuclear Worm Against Nuclear Killers (WANK) worm. This might have been the first recorded incident, but it was not widely reported and went mostly unnoticed by the public at large. 

A later incident that occurred in 1994 received much more attention. A group of British activists protested against an “Anti-Rave” law by launching a DDoS attack against British Government websites. The protesters argued that the law was an infringement of people’s basic human rights. 

The following year, Italian protesters engaged in electronic civil disobedience with the first Netstrike, a precursor to automated DDoS attacks which involved individuals repeately clicking on a government website link in an attempt to overload the server as protest, again, against nuclear weapons. At the time it was described as a form of ‘virtual protest’ as the term ‘Hacktivist’ was not widely in use. 

Further hacktivist activities happened throughout the 90s and the first decade of the new millennium, but hacktivism only really achieved widespread public attention in later years of that decade. 

The Rise and Fall of Anonymous

By that time, the internet was vastly different than before, in ways that made it possible for hacktivism to leave its mark. Now, major commercial activities were taking place online, governments all over the world were also offering their services online, and millions of users were populating social media sites, YouTube, Reddit, 4chan and others: these communities were all ripe for recruiting people willing to participate in collective, hacktivist campaigns. 

In the early 2000s, one such collective, known as Anonymous, came to define and symbolize the hacktivist movement for a generation. Originating out of 4chan and famous for its use of the Guy Fawkes mask, Anonymous conducted high profile operations against well known “targets” such as the Church of Scientology, Amazon, PayPal, Visa, Mastercard and multiple government sites, including the CIA. Starting in 2011, Anonymous also became affiliated with political struggles such as the “Arab Spring”. 

But like any global movement without any clear structure or ideology, it started to disintegrate into local factions who often fought between themselves. In addition, law-enforcement agencies stepped up their efforts to unmask and prosecute the hacktivists, leading to the arrest of some prominent members of the community, which in turn crippled Anonymous’ ability to organize and execute large-scale attacks.  

Hacktivism Today

If media headlines are anything to go by, it might seem that the hacktivism heyday is over. Recorded Future, which monitors hacktivist activity, recently reported that it had been tracking 28 active hacktivist groups in 2016 but now is only tracking 7 such groups. 

But the headlines don’t quite paint the whole picture. Remnants of Anonymous, as well as hacktivist groups Ghost Squad Hackers, the Sudan Cyber Army and others have been active recently in political events in the Sudan and attacks on the Sudanese Ministry of Defense, for instance. Meanwhile, Anonymous also made threats against both Ecuador and the U.K. governments over the eviction of Julian Assange from Ecuador’s London embassy and his subsequent arrest in 2019. The Ecuadorian government claimed that over 40 million cyberattacks had been launched against government institutions in the wake of Assange’s eviction and arrest.

More recently, hacktivist group Lizard Squard were responsible for an attack on the U.K.’s Labour party during the country’s general election last December. The botnet-powered DDoS attack targeted the then-leader of the party, Jeremy Corbyn, as well as his party’s websites. The group promised more attacks on both government and Labour party websites should Labour win the election (something they failed to do). In the past, Lizard Squad had claimed responsibility for attacks on Sony, Microsoft XBox and even Taylor Swift, but this was its first known outing for some years. According to one report, the group may have turned to financially motivated crime in the interim, quietly building and hiring out its botnet in a DDoS-for-hire service.

More concerning is that hacktivism just might be taking a much more sinister turn right in front of our eyes. It seems that hacktivism is now being used in ‘false flag’ or covert operations, as nations exchange virtual blows without taking responsibility by means of supposedly “volunteer” hacktivist groups. For instance, in a recent skirmish between Turkish and Greek hacktivists, there were numerous DDoS attacks from both sides. However, the tenacity of the attacks hints that there might be more at play here than mere script kiddies using makeshift tools. 

Following the initial attack and counter-attack (which disabled Turkey’s internet infrastructure for several hours), Turkish hackers unleashed an attack on at least 30 entities, including government ministries, embassies and security services as well as corporations in multiple locations, among them Cyprus, Greece and Iraq. According to Reuters, the target selection hints at the involvement of the Turkish government. This pattern has been utilized around the world by nations such as China, Iran, and Russia – all notorious for operating “non-official” proxies for political goals.

It is likely that hacktivist groups affiliated with certain nations will continue to flourish and may even be given tools, funds and training to allow them to operate in a semi-independent way (as long as they please their masters).

Why Should Enterprise Care About Hacktivism?

Enterprises have enough threat actors to worry about as it is, so are hacktivists really something they need to be concerned about today? 

Hacktivists have been known for attacking enterprises who appeared to them as engaging in activities that were anathema to their ideology, such as Visa refusing to process donations made for Julian Assange, and subsequently being attacked in Operation Payback, as well as the aforementioned attacks on Sony and Microsoft. 

More commonly, enterprises are hit as collateral damage. They can suffer from general disruptions (like nationwide internet service outages), specific denial of service attacks, defacement attacks and attempts to identify and steal sensitive information. 

The rule of thumb is that enterprises and organizations who are closely affiliated with a nation (such as a national bank, or an enterprise named after the said country) are more likely to be attacked. It is true that most of these attacks can be categorized as nuisance, but even short-term website defacement can cause reputation damage, and business disruption through large-scale DDoS attacks and data leaks can even cause actual financial harm. 

Conclusion

As the line between ‘hacktivists’ and state-sponsored APTs starts to blur, and as low cost malware and ransomware-as-a-service (RaaS) options continue to increase in availability, more serious cyber attacks from hacktivists utilising such cyber weapons should be considered as a possibility in your threat assessment. Therefore, it is a good idea to consume threat intelligence covering the latest hacktivist trends and prepare accordingly. 

If you would like to see how SentinelOne can help protect your organization against all kinds of threat actors including hacktivists, please contact us for more information or request a free demo.


Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security