History of Cybersecurity

Cybersecurity began in the 1970s. At that time, words like ransomware and spyware were not in common use. Today, however, such words regularly make news headlines because of cybercrime’s explosive growth.

Every organization should make cybersecurity a top priority. In the next few years, cybercrime will cost the world trillions.

How did cybersecurity develop? This article explains cybersecurity’s evolution from its beginnings to today.

From Academia to Criminality

Computer security threats were easy to identify during the 1970s and 1980s, when computers and the internet were not yet fully developed.

Most threats came from malicious insiders who had access to documents they were not supposed to see. Security within software programs was developed separately from security concerned with risk management and compliance governance.

At this time, network breaches and malware were common, but they were used for purposes other than financial gain.

The Russians, for example, used them as a weapon of cyber power. Markus Hess, a German hacker and computer programmer, broke into an Internet gateway. Hess connected to the Arpanet through the Berkeley gateway and then accessed 400 military computers, including Pentagon mainframes. Hess was primarily looking for information to sell to the Russian spy agency, the KGB. Clifford Stoll, an astronomer, used honeypot systems to detect the intrusion and foil the plot.

This attack set the stage for serious computer crime carried out through intrusions and viruses. Viruses were no longer used only for academic purposes.

Robert Thomas, a researcher at BBN Technologies, discovered that a program could be written to move through a network while leaving a trail behind it. The first computer worm was born from this discovery. Named Creeper, it was intended to travel between Tenex terminals and displayed the message “I’M The Creeper: CATCH ME If You Can.”

As we will see, viruses and worms like the Morris worm had serious consequences, nearly destroying the early internet. The virus attacks led to huge growth in the antivirus industry.

Computer Worms in the 1980s

In cybersecurity history, the creation of the first computer virus was a significant milestone. Robert T. Morris, a Cornell University graduate student, created the first computer worm. Morris wrote the worm in 1998 to gauge the size of the internet. It was intended to infect UNIX systems so that it could count all connections on the internet. The worm was designed to spread across a number of networks, using a known vulnerability to infiltrate UNIX terminals, and then replicate itself.

This was a terrible mistake. Because of a programming error, the worm infected machine after machine. It caused network congestion, which crashed the connected systems. The worm spread aggressively, slowing the internet to a crawl and causing untold damage. It was the first worm to receive media coverage and the first program to exploit system flaws.

The effects of the worm lasted well beyond the crash of the internet and its connected systems. Morris was the first person successfully charged under the Computer Fraud and Abuse Act. He was sentenced to three years of probation and a $10,000 fine, and his Cornell position was terminated. He later became a tenured professor at MIT. Further, the attack led to the creation of a Computer Emergency Response Team, the precursor of US-CERT.

Computer security was reborn after the Morris worm. The incident prompted more people to research how to create deadlier and more efficient worms. As worms became more sophisticated, so did their impact on computer networks. Antivirus solutions were developed to combat the spread of viruses and worms.

The rise of computer viruses in the 1990s

As mentioned previously, the Morris worm opened the door to new types of malicious software. More dangerous viruses appeared in the 1990s. The Melissa and I LOVE YOU viruses infected millions of computers worldwide, bringing email systems around the world to a halt. Most virus attacks were motivated by strategic or financial goals. The lack of security measures at the time meant that a large number of victims were affected unintentionally. As the attacks were featured in major news outlets around the globe, they became the center of attention.

Cyber threats and attacks became a major concern, prompting an immediate search for a solution. Antivirus software was born to address this problem. These programs are designed to detect viruses and prevent them from completing their intended tasks. Malicious email attachments were the main method of spreading viruses. Most importantly, the virus attacks raised awareness, particularly about opening emails from unknown sources.

The Antivirus Industry

In the early 1990s, there was a rapid increase in the creation and sale of antivirus products. These products scan computer systems for viruses and worms. The antivirus software available at the time could scan business IT systems and test them against signatures stored in a database. The signatures were originally computed hashes of known samples and later included byte strings characteristic of malware.

Two major problems had a significant impact on the effectiveness of these early antivirus solutions, and both still exist in some current cybersecurity products: excessive use of resources and a large number of false negatives. Users were most affected by the first, because antivirus scanning consumed a lot of resources and disrupted their work.

The number of malware samples produced each day also increased during this time. Whereas only a few thousand malware samples existed in the 1990s, the total had grown to more than 5 million by 2007. Legacy antivirus solutions could not handle this volume of malware. Security professionals could not create signatures fast enough to keep up with new threats. A newer approach was needed to provide adequate protection for all systems.

Endpoint protection platforms slowly proved to be more effective at countering the growing number of viruses and related malware. Rather than relying on static signatures for individual samples, researchers used signatures that identified members of a malware family. These solutions were based on the assumption that malware samples are distinguishable from other samples. The endpoint protection platform approach proved more efficient: customers discovered that unknown malware could be detected and stopped with a single signature derived from existing malware.
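As an added illustration (not code from the original article), the following Python contrasts the two generations of signatures described above: an exact hash of a known sample, which misses even a one-byte variant and so produces a false negative, and a family byte pattern that still catches the variant. The three sample files and the “EvilLoader” family name are constructed placeholders.

```python
import hashlib
import re

# Constructed stand-ins for files on disk: a known "malware" sample, a variant
# from the same family with one version byte changed, and a benign file.
# All three are placeholders invented for this example, not real malware.
KNOWN_SAMPLE = b"MZ\x90\x00 EvilLoader v1: decrypt payload, write autorun key"
VARIANT_SAMPLE = KNOWN_SAMPLE.replace(b"v1", b"v2")
BENIGN_SAMPLE = b"MZ\x90\x00 NotepadClone v1: open file, show text"

# First-generation signature database: the hash of each known sample.
# Any change to the file, however small, produces a different hash.
HASH_SIGNATURES = {
    hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "EvilLoader",
}

# Later-generation signature database: a byte pattern shared by every member
# of a family (here the family name followed by any version number).
STRING_SIGNATURES = {
    "EvilLoader": re.compile(rb"EvilLoader v\d+"),
}

def scan_hash(data: bytes):
    """Exact-match detection: return the family name or None."""
    return HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())

def scan_strings(data: bytes):
    """Pattern detection: return the first family whose pattern occurs in data."""
    for family, pattern in STRING_SIGNATURES.items():
        if pattern.search(data):
            return family
    return None

def scan(data: bytes):
    """Run both scanners; returns (hash_verdict, string_verdict)."""
    return scan_hash(data), scan_strings(data)

# Labelled corpus used to measure scanner quality: (file bytes, is_malicious).
CORPUS = [
    (KNOWN_SAMPLE, True),
    (VARIANT_SAMPLE, True),
    (BENIGN_SAMPLE, False),
]

def false_negatives(scanner):
    """Count malicious corpus entries the given scanner fails to flag."""
    return sum(1 for data, malicious in CORPUS if malicious and scanner(data) is None)

def false_positives(scanner):
    """Count benign corpus entries the given scanner wrongly flags."""
    return sum(1 for data, malicious in CORPUS if not malicious and scanner(data) is not None)

if __name__ == "__main__":
    for name, sample in [("known", KNOWN_SAMPLE), ("variant", VARIANT_SAMPLE), ("benign", BENIGN_SAMPLE)]:
        print(name, scan(sample))
    print("hash-only false negatives:", false_negatives(scan_hash))
    print("pattern false negatives:", false_negatives(scan_strings))
```

Real engines pair such patterns with far more context (file type, offsets, emulation), but the trade-off is the same: a hash proves identity, a pattern generalizes to the family.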

Secure Sockets Layer

Security professionals needed a way to protect users browsing the internet in light of increasing virus and worm attacks. In 1995, the Secure Sockets Layer (SSL) was created. The SSL internet protocol allows users to access the web and make online purchases securely. Netscape developed SSL shortly after the National Center for Supercomputing Applications released the first internet browser, and released the secure protocol in 1995. It became the foundation for protocols such as HyperText Transfer Protocol Secure (HTTPS).

Rise of the first hacker organization

Today, there are numerous hacker groups and organized cybercrime organizations. These groups are made up of hackers with specific skills and often launch cyberattack campaigns with differing goals. Anonymous was the first hacker organization to make headlines, on October 1, 2003. The group has no leader, and its members come from different online and offline communities. It first became famous when it attacked a Church of Scientology website using distributed denial-of-service (DDoS) techniques. Anonymous has been associated with many high-profile attacks and has inspired other groups, such as APT38 and Lazarus, to carry out large-scale cyberattacks.

Credit card fraud in the 2000s

Cyberattacks became more sophisticated in the 2000s, or the “new millennium”, as the decade was popularly called. The first known case of serial credit card data breaches is one of the most memorable. These attacks were committed between 2005 and 2007, when Albert Gonzalez set up a cybercriminal ring to compromise credit card systems. The ring stole confidential data from at least 45.7 million cards [1] belonging to customers of TJX stores.

The breach cost the retail giant $256 million. Because it involved the compromise of regulated data, it prompted the involvement of US authorities, and the company was required to reserve funds to compensate victims. Gonzalez was sentenced to 40 years in prison. TJX was not protected at the time of the breach, and other organizations took the incident as a prompt to implement sophisticated cybersecurity programs.

EternalBlue: Lateral movement attack techniques

Cybercriminals use lateral movement techniques to execute code, issue commands and spread across a network. These methods are not new to system administrators; they have been around for a long time. Some operating system protocols have vulnerabilities that allow cybercriminals to move laterally without being noticed. EternalBlue is a prime example of such a vulnerability.

An attacker can use the EternalBlue exploit against SMB, the protocol that provides file sharing across networks, which is why the protocol attracts cyber adversaries. The Shadow Brokers leaked the exploit on April 14, 2017. The notorious Lazarus group then used it in the WannaCry attack of May 12, 2017. WannaCry was a ransomware attack that mainly targeted health institutions in Europe. It was devastating, halting health services for nearly a week.

Other high-profile cyberattacks have also used the EternalBlue exploit. NotPetya exploited the vulnerability to attack banks, ministries and electricity companies across Ukraine on June 27, 2017, and spread to other countries including France, Russia, Poland and Australia. The exploit was also used by the Retefe banking trojan.

Cybersecurity laws and regulations

Cyber laws have emerged as a result of rapid technological development across different industries. These laws are intended to protect confidential data and systems. The Health Insurance Portability and Accountability Act (HIPAA) is one of the most important regulations in cybersecurity history. HIPAA was passed into law on August 21, 1996 with the intention of improving accountability for employees’ insurance coverage. The bill was amended several times over the years to focus it more on protecting employees’ personally identifiable information (PII).

The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Modernization Act, was enacted in 1999 to safeguard the personal data of customers of financial institutions. Under the law, a financial institution must disclose the strategies it will use to secure a customer’s personal data and must inform customers about how it plans to share that data. Customers have the right to deny financial institutions access to their sensitive data. To protect customers’ sensitive data, financial institutions must maintain a documented information security plan.

The Federal Information Security Management Act (FISMA), passed in 2003, provides guidance to organizations on how to secure information systems. The law sets out a detailed framework for protecting government IT assets, data and operations from natural or human-made disasters. It followed the enactment of the E-Government Act (Public Law 107-347), which outlined the major threats to information systems and highlighted the importance of implementing effective security measures against them. FISMA falls under the E-Government Act.

All federal agencies are required to develop and document agency-wide programs to protect their information systems. To be FISMA-compliant, an agency must follow these guidelines:

  • Keep an inventory of the security measures in use.
  • Analyze present and potential future threats.
  • Plan the security strategy.
  • Designate security experts to oversee the implementation and continuous monitoring of security plans.
  • Plan for security reviews and periodic assessments.

Other regulations have been adopted more recently; the General Data Protection Regulation (GDPR) is an example. This regulation sets out mandatory requirements for institutions that handle PII and imposes severe penalties for non-compliance. The GDPR protects only data belonging to EU members. Its fundamental principle is that the organizations it covers implement appropriate data protection controls, including encryption of data both at rest and in transit.

Every organization must obtain the consent of data owners before using their confidential information. Organizations that fail to secure PII properly or that use customer data without consent can be fined up to 4% of their annual profits. In the event of a security breach, they can likewise be fined up to 4%.

Cybersecurity frameworks

Various frameworks have also been proposed in addition to the existing cybersecurity laws and regulations. These frameworks are intended to help federal and private agencies better secure their information systems. In 2018, the US Department of Homeland Security launched its cybersecurity strategy. The strategy provides guidelines an organization can follow to identify and detect risks, and outlines methods for reducing cyber vulnerability, lowering threat levels, and mitigating the effects of a cyber attack.

The Federal Cybersecurity Research and Development (R&D) framework is another. It has been in operation since 2012 and is updated every four years. It recognizes that cyber-attacks can be unpredictable and that complete protection is almost impossible. The framework provides guidance to federal agencies on effective risk detection and response, including guidelines for analysing past risks and classifying them by severity. Organizations use both frameworks to create and update strong cybersecurity programs.

Recent cybersecurity attacks

Cybercrime is now a mainstream issue, and cybercriminals attack for monetary gain. Cybercrime has evolved since the 1980s and 1990s, when malware and worm attacks were intended to prevent unauthorized access.

The following sections describe some recent cyberattacks and then consider what these attacks mean for cybersecurity’s future.

Yahoo attacks: The Yahoo breaches were among the most severe attacks of 2013 and 2014. More than 3 billion Yahoo accounts were compromised [2]. The attacks exploited unpatched vulnerabilities. Using spear-phishing techniques to install malware on Yahoo’s servers, the hackers gained unlimited backdoor access. They then reached Yahoo’s backup database and stole confidential information such as names, email addresses, and password recovery questions and answers.

State-sponsored attacks: Many cases of state-sponsored attacks have been reported. In 2018, attacks on a total of 144 universities in the United States used a variety of methods. These attacks took place over three years, resulting in intellectual property losses of $3 billion and the destruction of at least 31 terabytes of data [3]. According to investigations, Iran was implicated in the attacks. The United States identified nine hackers of Iranian descent and brought them to justice.

Similar attacks have been perpetrated by other state sponsors. The Lazarus Group, sponsored by North Korea, hacked Sony in 2014. The hackers published videos and images of actors and films in progress. Lazarus also attacked other countries, threatening their financial institutions. The Bangladesh Bank attack, in which Lazarus stole more than $80 million [4], was the group’s largest heist.

Gmail and Yahoo hacks: In 2018, Iranian hackers successfully broke into the Gmail and Yahoo accounts of top US journalists and activists. The attackers used spear-phishing emails and studied the behavior of their targets to trick them into entering their login credentials on dummy websites. The hackers even defeated two-factor authentication.

Cybersecurity for the future

The history of cybersecurity shows how the field evolved from simple research and experiments into a mainstream industry. Cybersecurity is now about stopping devastating attacks. According to current statistics, cybersecurity will continue to grow. Cybercriminals will use innovative techniques to execute stealthy attacks with emerging technologies such as artificial intelligence, blockchain and machine learning.

As the recent cyberattacks show, attackers can bypass security controls such as two-factor authentication. These attacks are a reminder that cybersecurity still has a long way to go. Security companies and organizations need to rethink how they approach it.

Researchers and security professionals must focus their efforts on the future of cybersecurity: reducing the incidence of cyber-attacks and minimizing their effects when they do occur.

Artificial intelligence is now being integrated into antivirus and firewall solutions to improve detection and response capabilities. Because most organizations have automated their processes, cyberattacks increasingly focus on compromising those processes in order to disrupt normal operations, for example by locking out system users and stealing sensitive data.

5G networks are set to automate transportation infrastructure, and each technological advance propels cyberattacks forward as well.

These advances must be anticipated by actively seeking out countermeasures.