Anonymous and Lulzec hackers evolving to target corporate data to cause financial pain

Hacker groups Anonymous and LulzSec are changing tactics to target firms' corporate data in order to hurt them financially, rather than cause embarrassment by affecting websites, according to new research from security firm Imperva.

In its latest Hacker Intelligence Initiative report Imperva researchers said they had seen a marked change in hacktivists' behaviour, with groups moving away from defacing websites or knocking them offline to stealing data.

Specifically, Imperva researchers reported discovering that 21 per cent of all recorded incidents from June to November 2011 saw hackers mounting local and remote file inclusion (RFI/LFI) attacks.

The statistic was widely attributed to hacktivists, such as the Anonymous collective and LulzSec group.

A form of attack that targets PHP coding, the use of RFI/LFI techniques allows hackers to steal data by manipulating the company's web server, and indicates a step away from their usual tendency to target companies' websites with distributed denial of service (DDoS) assaults.

Speaking to V3, Imperva researcher Tal Be'ery claimed that the behaviour is systematic of evolution within hacktivism that occurred after the high-profile Sony data breach.

"The motivation hasn't changed but rather the method. Pre-Sony, hacktivism's aim was website defacement which could be embarrassing but had no long term impact," he said.

"Stealing data from Sony and exposing it showed hacktivists how to damage companies financially. The data theft at Sony - and other locations - seriously hurt the company. But also the breach inspired hacktivists to make data theft their first objective."

Imperva's research follows a separate report from Verizon, indicating a marked increase in the number of cyber attacks being mounted by hacktivist groups.