The theory of evolution proposed by Charles Darwin is based on the concept of change in the characteristics of a population over successive generations. An apt example is that of Homo sapiens, where the achievements of the descendants are nothing but the further development of those of their predecessors. The same holds true for all other aspects of life, including technology, and yes, even cybercrime. With advancements in technology, there has been a directly proportional development in its misuse. With digital technologies centered on computer systems, networks, and the internet impacting our day-to-day lives, cyberthreats have also evolved to become more aggressive, stealthy, and potent.
By Rahil Karedia, Global Head – Threat & Security Intelligence and Security Advisory, Network Intelligence, Inc.
Cyberthreats have existed since the early stages of communication and have evolved alongside each subsequent development in technology. From landline hacking in the 1970s to cryptojacking in 2021, cybercrimes have become more and more sophisticated with time. With every passing decade, the technological society and cybersecurity professionals have found themselves amidst highly coordinated and relentless attacks on digital assets and infrastructure, where the existing solutions or defenses either fell short or were not scalable enough to cover the emerging technology.
The 50s and 60s
Cyberthreats in the pre-millennial era looked completely different from what we know or imagine today. Even before the internet was introduced, cybercrimes were being conducted by targeting telecommunications, which for the first time allowed people to reach others over large distances while remaining unseen.
Landline Hack: Throughout the 1950s and 60s, wired telecommunication technology was booming, and landlines were available in the majority of households across developed countries. This period also marked the onset of the first digital-based crime, known as “phreaking,” where the perpetrators exploited the tone system used in telephone networks. The episode dates back to the late 1950s, when a group of phreaks (short for “phone freaks”) decided to hack telephone networks by making unauthorized and unauthenticated long-distance phone calls after reverse-engineering the tones used by the telephone companies. They also set up special party lines to help fellow phreaks. Perpetrators often impersonated officials, conducted extensive searches of the Bell Telephone company’s garbage for any secret information or data, and experimented on early telephone hardware to learn meticulously how to exploit it, which resulted in free long-distance telephone calls.
The introduction of the computer virus
The 1970s, the decade of over-the-top fashion and new genres of music, also saw a new change in the digital landscape. Though research on self-replicating programs had been in progress since the 1950s, the first practical implementation, i.e., a computer virus attack, was seen in the early 1970s. Bob Thomas, an engineer at BBN Technologies, wrote an experimental self-replicating program that could move between computers connected by the ARPANET, the technical foundation of the internet.
As it could move from one system to another, it was termed “Creeper,” and while copying itself to a remote system through the Model 33 ASR teletype, it left a message that read: “I’M THE CREEPER: CATCH ME IF YOU CAN.” The techniques used in Creeper were later reused in McROSS, an air traffic simulator, to allow certain parts of the simulation to move across the network. The invention of Creeper was soon followed by the development of enhanced versions. Ray Tomlinson later coded an enhanced version of Creeper and also went on to write a program called Reaper, which moved through the ARPANET removing the existing copies of Creeper.
With the trend of developments and enhancements that defined this decade, programmers with destructive intent began to emerge, and soon various other viruses were coded and deployed. One of the progenies of this trend was the Rabbit virus, which came to light in 1974. This virus is also considered by some as the foundation of early malware, as it was coded to self-replicate until the system crashed.
The decade that witnessed the birth and spread of personal computers and wireless telecommunication also witnessed a prominent growth in destructive viruses. In the same year of 1981, when IBM released its first personal computer, a ninth-grader from Pittsburgh wrote a program called “Elk Cloner” that attached itself to the Apple DOS 3.3 OS and was designed to activate on its 50th use. This was the first virus to appear in the wild, and it spread by means of floppy disks.
The term ‘computer virus’ was coined by Leonard Adleman, and the research paper “Computer Viruses – Theory and Experiments” was first published by his student Fred Cohen in 1984. With the passing years and the constant evolution of technology, viruses became more sophisticated and destructive every year. In 1986, the PC platform was struck by the first-ever “global epidemic,” the Brain virus, as the internet was connecting many systems across the globe and thereby scaling up the spread of the virus. The propagation of the Brain virus exposed the lack of security in these systems, and it was followed in 1987 by the Vienna virus, the first-ever virus designed to destroy data.
This decade saw the rapid evolution of computer viruses, which began to be classified into different categories based on their behavior, such as worms, trojans, etc. The first-ever worm, the Morris Worm, was released in November 1988 by Robert Tappan Morris. Morris was not aware of the capabilities his creation held, as it was not designed with malicious intent. In 1988, the Morris worm, which replicated itself rapidly, turned into the world’s first large-scale Denial-of-Service (DoS) attack. It spread across the world and brought many organizational servers and personal computers to a halt. Though Morris soon released a procedure for shutting down the program, the severe damage caused by the worm was already done and evident. Morris was prosecuted and charged with violating the Computer Fraud and Abuse Act in 1989.
Ransomware attacks first became known to the public in 1989, when the “AIDS Trojan” was used to hide files. It was written by Joseph Popp and coded so that file names were encrypted and, when done, a message was displayed stating: “User license to use the software has expired.” The victims were asked to pay 189 dollars to the PC Cyborg Corporation to receive the repair tool that decrypted the encrypted files. Though this was not considered extremely damaging, as encrypting only the file names backfired and was easy to reverse, it gave rise to the idea of extortion through encryption, which soon caught on. Since then, ransomware attacks have evolved and become far more sophisticated, as seen in recent times. Ransomware has grown to be the biggest cyberthreat of today.
On the positive side, this decade witnessed the rise of cybersecurity, with many antivirus products becoming commercially available. Many businesses targeting this market emerged around this period, including renowned cybersecurity giants such as Avast and McAfee.
As the world went online through the boom of the internet, this decade witnessed the first polymorphic viruses, which changed their own code with each replication while keeping the original algorithm intact in order to avoid detection.
As organizations began to digitalize and incorporated this into their marketing strategies, i.e., by providing free disks, malware gained a new platform to spread further. By 1996, many kinds of viruses had evolved, such as stealth viruses, polymorphic viruses, macro viruses, etc. They kept multiplying and spreading in the wild in such a way that by 2007 there were more than five million viruses and other malware.
Towards the end of the 1990s, email was a booming trend, and almost everyone with a system and an internet connection possessed an email ID to communicate with ease. This became one of the most popular platforms for threat actors to spread malware and spam. Phishing attacks made the most use of this platform to trick victims into providing sensitive information or downloading malicious attachments.
In 1999, the Melissa virus surfaced, which infected the victim’s system via a Word document. It emailed copies of itself to the first 50 email addresses in the victim’s Microsoft Outlook address book. It is still one of the fastest-spreading viruses, and rectifying the damage it caused cost an estimated 80 million dollars.
The Turn of the Century
As time progressed, viruses became more advanced and sophisticated, which was evident throughout the 2000s. Numerous viruses came into existence, targeting specific functions of the system via the internet and the network, with techniques ranging from keystroke logging to advanced ransomware attacks.
Distributed Denial of Service (DDoS) was the epitome of network-based attacks, as the world noticed a breaking point in February 2000, when a series of DDoS attacks surfaced: a 15-year-old Canadian hacker known as “MafiaBoy” mounted and executed DDoS attacks targeting e-commerce websites (including Amazon and eBay). The attack led to a loss of 1.7 billion dollars and forced organizations to shut down their websites to regulate legitimate traffic flow.
With the start of the 2000s, a new era of malware emerged, as emails were seen as exploitable access points by perpetrators who aimed at causing more destruction. The ‘ILOVEYOU’ worm infected nearly 50 million systems, corrupted data, and self-propagated by exploiting the victim’s email contacts. This gave an insight into how crucial cybersecurity was and into the necessity for all systems to have antivirus software installed to safeguard their systems and data.
The 2000s came to be known as the carding era, when digital cash was still a new thing and people were using their debit and credit cards to purchase various items online. With people relying on the internet for various purposes and digital transactions becoming a trend, carding attacks increased. Speculation started with the Russian carding forums and marketplaces, which perpetrators used to trade stolen card details and exploit sensitive information for multiple purposes, such as identity theft and phishing attacks. Cardholders who often used e-commerce platforms were susceptible to carding and phishing attacks, allowing perpetrators to access sensitive information tied to their personally identifiable information (PII). The stolen details were often sold to other criminals or put on sale on various hacker platforms and the dark web, and were frequently used to make new, fake cards. One such website was CarderPlanet, founded by Golubov D.I. et al. in the year 2001.
Data breaches soon became the center of attention in the information security landscape due to the emergence of various malware attacks in the decade. In contrast to the previous era, where the threat landscape saw evolution and drastic changes over a time frame of a few years, the 2010s and the subsequent decade would see a change in trend every year. There were no notable novel cyberthreats in this decade, but the development of existing threats and attack vectors, and of their aspects such as mode of dissemination, targets, and counter-anti-cybercrime strategies, contributed to the exponential growth of the threat landscape. As time passed, various new attacks were witnessed with the passing years, such as:
- The year of the data breach – 2011
- The post PC era – 2012
- The year of online banking threats – 2013
- The year of cyberattacks – 2014
- The year of botnets – 2015
- The year of digital extortion – 2016
- The year of global ransomware outbreaks – 2017
This decade saw numerous organizations become victims of data breaches and malware attacks. The initial years in particular were known to be the most challenging for organizations and cybersecurity professionals, as the victims of data breaches lost reputation due to the loss of confidential and sensitive information and bore the resulting financial burdens of stabilizing the situation and fixing the damage. Conditions were so adverse that organizations like RSA and Sony PlayStation had no option other than disclosing the details and facts about the attacks against them to assure their customers that proper mitigation steps were being taken to resolve the issues.
After the initial years, users’ digital data and online presence started to move away from personal computers and towards mobile devices and virtual machines. This change is marked as the post-PC era and also saw a significant rise in cybercrimes focused on Android platforms, social networking sites, the cloud, etc. As it took less than three years for Android devices to reach the threat level that PCs had taken nearly 14 years to reach, mobile-based cyberthreats and attacks rose in prominence.
The future of cyberthreats is projected to be similar to that of the previous decade, where the existing threat vectors and attacks will be built upon with unique implementations across emerging technologies such as the Internet of Things (IoT), cloud computing, virtual machines, and blockchain technology. Attack vectors such as phishing and social engineering are here to stay, and cybersecurity experts do not see them going away any time soon.
Apart from this, IoT and blockchain technology have given rise to a new form of threat known as crypto-jacking. Crypto-jacking is an evolved form of botnet attack, carried out by perpetrators who gain unauthorized access to the victim’s devices (PCs, tablets, mobiles, an organization’s servers, etc.) to mine cryptocurrencies. Cryptocurrency is digital or virtual money in the form of tokens or coins based on blockchains, and Bitcoin is one of the most widely known cryptocurrencies. The main aim of crypto-jacking is to benefit from crypto mining without bearing the vast costs (mining hardware, high electricity bills) of the mining process. Cybercrimes related to cryptocurrencies have been seen from 2009 to date, but the cryptocurrency sector is booming, and the many individuals investing in cryptocurrencies (especially those with larger values, such as Bitcoin) have drawn the attention of many attackers. The crypto-jacking malware embeds itself on the victim’s device and uses its resources to mine cryptocurrency.
Cybercrimes have evolved drastically, and the malicious use of programs and the exploitation of vulnerabilities have greatly reshaped the cybersecurity landscape. Small viruses created as pranks evolved over time into genuine threats and then scaled to spread across the globe with the change from the ARPANET to the internet. With the introduction of platforms such as email, networks, the cloud, IoT, blockchain, etc. that connected people and data across the globe at lightning speed, attackers raced to create the perfect virus, malware, or other attack that would compromise the authenticity, integrity, and confidentiality of data and cause great harm to victims and systems.
With the development of technology and the integration of security standards, attackers pushed themselves to stay a step ahead and create advanced malware, trojans, ransomware, and protocols and procedures that successfully bypassed security mechanisms. This has been a recurring pattern ever since technology started developing. Cybercrime, like cybersecurity, is a forever developing and evolving process. Perpetrators are constantly building sophisticated threats, malware, etc. to infiltrate prevalent and upcoming security measures. It is essential to enhance security measures and protect ourselves from becoming victims of the ever-growing cybercrime.
About the Author
Rahil Karedia, Global Head – Threat & Security Intelligence and Security Advisory, Network Intelligence, Inc. Rahil is a trusted, responsible, and knowledgeable cyberspace veteran with more than five years of experience in operational security domains such as Security Operations Centre (SOC), Threat Intelligence (TI), Threat Hunting (TH), and Incident Response (IR). He is currently leading Threat Intelligence, Security Intelligence, and Security Advisory services.
He has assisted corporate, government, and defense customers from diverse industries (Banking and Finance, Healthcare and Insurance, FinTech and Biotech, Oil and Gas, Power Grid and Nuclear Facility, Government and Foreign Affairs, Aerospace and Defense, Surveillance and Investigation, etc.) in effectively managing their cybersecurity workforce by providing clear visibility into their cyber risk profile and exposure to cyberthreats. He currently serves on EC-Council’s Global Advisory Board for CTIA and has jointly authored a cyber research whitepaper on the “Role of a Pen Tester in Ethical Hacking” with EC-Council.
Rahil is also focused on terrorism and cyber terrorism, CBRN terrorism, and human trafficking and migrant smuggling issues. He has jointly collaborated with the U.S. Army, U.S. Army TRADOC, and CSFI on four projects related to cyber intelligence, operational security, and telecommunication and internet surveillance.
Rahil’s key aim is to assist and enable organizations in taking intelligence-driven decisions and actions in cybersecurity operations and management.
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.