How cyberthreats and attacker behaviours have emerged and evolved.
Information security has been continually shaped by how fast things change and how attackers learn from the past and each other, innovating and adapting at an ever-increasing pace.
A recently released report shows how different cyberthreats and attacker behaviours emerge and evolve, providing context and vital learnings for what we see today and are likely to see tomorrow.
The Cyberthreats: a 20-year retrospective Report by Sophos provides a timeline of the threats and events since 2000 that have had the greatest influence on the security landscape.
The three main eras of cyberthreats are:
2000 to 2004 – The early years of the millennium saw one worm after another unleashed onto the world. They rampaged across the internet with infection rates that could double in under 10 seconds, affect around 10 per cent of all internet-connected hosts and, at one point, account for 25 per cent of all spam. Many of the worms abused vulnerabilities for which patches were already available and at least one showed constant development to outfox security detection. These worms caused around US$100 billion in damage and mitigation costs overall and paved the way for the massive spam-spreading botnets that would be used for ruthless monetization.
2005 to 2012 – The years when cybercrime became a business. Well-organised spammers targeted users with pharmacy scams and malvertising, and the landscape was changed forever by exploit kits and nation-state-sponsored threats and their advanced, expensive tools. The Storm botnet, nicknamed “the world’s largest supercomputer,” is estimated to have compromised between one and 10 million devices. In 2009/2010, Stuxnet showed the world how cyberweapons could be used to target physical systems, also releasing four zero-days into the wild that would be seized upon by cybercriminals out for financial gain. The rise of cryptocurrencies facilitated a new money-making opportunity for attackers: ransomware.
2013 to Present – Over the last few years, no cyberthreat has had a more damaging impact than ransomware. To date, the damages and the impact of ransomware run into the trillions of dollars. Away from ransomware, this era saw the transformational attacks of WannaCry and NotPetya, a continuation of the botnets, the worms, the spam and the leaking of nation-state-sponsored cyberweapons. Online payment theft, ever more sophisticated phishing, the decline of online privacy and everything-as-a-service that has brought cyberattacks within the reach of even the lowest-skilled cybercriminal also feature in the ever-growing, increasingly complex threat landscape.
What were the cyberthreats that challenged you as a CIO or CISO?