The way a business handles its network security typically defines what kind of problems come from their use of information systems. As a result, cybersecurity has become a major part of any forward-thinking organization’s IT strategy and has become a multi-hundred-billion dollar a year industry. Of course, it wasn’t always such a huge problem. The history of cybersecurity doesn’t go back very far, but since it has such a major impact, we thought it would be interesting to go back a couple decades and look at the brief history of the practice.
We’d like to start by describing the cybersecurity industry as it stands today. Cybercrime is taking in at least $1.5 trillion in profits each year and growing. Some have predicted that damages from cybercrime will reach $6 trillion by 2021. To remedy this theft, the cybercrime market has grown to be a $200 billion a year industry. Security breaches are up by 67 percent over the past five years.
With 76 percent of all businesses targeted, the most popular method of attack is now phishing. This method can deploy malware of all types (including ransomware), reveal sensitive information, or steal login account credentials for direct access. The worst part is that most people that have been successfully phished have no idea until something dramatic happens. In fact, it’s with phishing attacks leading the way, billions of records are exposed, stolen, or corrupted each year.
With so much at stake, you can see that cybercrime has become a huge issue for businesses of all sizes.
It wasn’t always so.
It may be hard to believe, but the history of a trend that is syphoning trillions of dollars off of the economies of the world started, innocuously, as a research project. A man named Bob Thomas made the astute observation that it may be possible for a computer program to move across a computer network and leave a trail. He then wrote a code that he named “Creeper”. His program was designed to travel between Tenex terminals on the ARPANET. The message read “I’M THE CREEPER: CATCH ME IF YOU CAN”.
The idea came across the attention of email inventor Ray Tomlinson. Tomlinson changed the program to be self-replicating. In essence, this was the first computer worm. Immediately after, he wrote what was called “Reaper” which chased down the Creeper code and deleted it. It was effectively the first antivirus software.
One could be surprised to see just how benign the beginnings of cybercrime were. In the 1980s Soviet hackers were the first to consider the applications designed by academics could be used to infiltrate other networks. This notion quickly spread, and in 1986, German hacker Marcus Hess hacked an internet gateway hosted at the University of California at Berkeley. He then used that connection to piggyback onto the ARPANET. He hacked into 400 computers in all, including mainframes hosted at the Pentagon. His plan was to sell the secrets found on these computers to the Soviet KGB. He was caught in a cooperative effort between the FBI and the West German government. His conviction, the first of its kind, resulted in a 20-month suspended sentence.
At the same time, computer viruses started to become serious threats; and, with the exponential increase in connectivity that was happening at the time, the computer virus had become a serious threat for the very first time.
In 1988, a software engineer named Robert Morris decided that he wanted to see just how large the Internet was. He wrote a program designed to spread across various networks, get into Unix terminals, and replicate. The software replicated so quickly that it slowed the early Internet, causing major damage. Known today as “the Morris Worm” it caused a huge stir and is the impetus behind the formation of the Computer Emergency Response Team (what is known today at US-CERT). Morris, who is now a longtime professor at MIT, was the first person convicted under the Computer Fraud and Abuse Act (CFAA), a statute that aims to protect against unauthorized access.
Once the Morris Worm situation was handled, viruses started being developed at a dizzying rate. The antivirus industry, a product since 1987, began to grow fast. By the time the Internet started entering homes in the mid-1990s, there were dozens of different solutions for antivirus. These antivirus programs scanned the binaries on a computer and tested them against a database of virus code signatures. There were major problems that you can actually find with these programs today. In an effort to be comprehensive, they find a lot of false positives. They also have a tendency to use a lot of a system’s resources to scan for viruses, leaving a computer inoperable, or frustratingly slow.
In the mid-nineties there were only a few thousand known viruses on the Internet. As time went by, however, this number rose substantially. By 2007 there were around five million different malware strains that included: worms, viruses, trojan horses, and more. By 2014, 500,000 different strains of malware were being created every day.
Security had to catch up. The antivirus solutions couldn’t keep up with the constant stream of malware. They simply couldn’t scan fast enough. Innovations in cybersecurity came quickly. First came endpoint protection platforms (EPP) that didn’t just scan for individual file types, they actively scanned for malware family similarities. Since most malware originated from a single idea, they share a lot of traits with similar malware, making it easier for EPPs to identify malicious code.
With advanced malware becoming more of a problem, defeating endpoint protection regularly with the addition of tools such as VBScript, PowerShell, Office Macros, and DDE attack, it was time for further innovation. This timeline was exacerbated by the deployment of WannaCry. WannaCry was, to that point, the most devastating piece of malware ever deployed. WannaCry was such a huge surprise to security professionals because the vulnerability it had used had already been patched by Microsoft.
WannaCry encrypted the data on a computer and forced the owner of the computer to pay the hacker in Bitcoin to get access to those files. This signaled a hard turn in the cybersecurity industry. If people with a mind to do harm were going to have access to software like this, it was important that cybersecurity innovated right alongside it. Since the only way to know if you were being infiltrated was to have transparency in your network, administrators started to use endpoint threat detection and response (EDR) services to proactively monitor their important computing resources and their networks. Today, EDR solutions are the cutting-edge solutions to keep malware out of your network.
If you would like to know more about cybersecurity, or if you are just interested in keeping your business’ data and network safe, call Citara Systems today at (508) 532-0837.