Cybercrime Has Evolved, How About Your Security Software?

We have seen the world transformed radically since the internet was turned into a public commodity in 1991. The world then did not even realise how big the internet would get and how this information ecosystem will become pervasive in our daily lives.

We now use this modern marvel for almost everything we do, from simple communication to online banking and purchasing. We can now use the internet to control our homes, vehicles, and other smart devices. We go to the internet to book travels, manage off-site teams, and handle businesses from anywhere in the world. Without a doubt, the internet has become an integral part of our global economy, but as the internet evolved, so did cybercrime.

Cybercrime has intensified through the years. Hackers are quick to exploit all opportunities they can find to conduct malicious activities for profit through the internet. As a matter of fact, cybercrime has become a trillion-dollar industry on its own. There is an insatiable market for vulnerabilities, botnets, APTs, phishing-as-a-service, ransomware-as-a-service- and other cyberattack kits and services. 

Data has become a money-spinner for thieves and traders of internet data, as it has become a steady source of income for both small-time and big-time cybercriminals.

Strategies to harvest and steal data have evolved. How about cybersecurity? Is it able to catch up? How are today’s cyber defense systems holding up against cyberattacks?

Let’s see how cybercrime and security software have advanced through the years:

1. Reaper and Creeper

The first occurrence of computer worm started as an innocent game among friends Bob Thomas, an engineer at BBN Technologies, and Ray Tomlinson, the inventor of the email. Thomas wrote a code that would become the first worm that could move between computers connected to the ARPANET (the basis for internet) and named it “Creeper,” with the tagline, “Catch me if you can.” His friend and colleague, Tomlinson, created a program in response and named it “Reaper.” The Reaper could move across the network, copy itself as it went, would find the Creeper, and delete the worm. The Creeper is now dubbed by many as the first-ever computer worm, while the reaper inspired the onset of programming game.

2. The Morris Worm

The Attack: Cybercrime took the form we are more familiar with today when the Morris Worm was unleashed in 1988. It was a self-replicating program that quickly turned into the first global-scale Distributed Denial of Service (DDoS) attack. It crashed servers and computers worldwide.

The Defense: The creator, Robert Tappan Morris, not expecting such an outcome of what he has created, released the protocol for shutting the program as quickly as he could. Still, by this time, critical damages have been put to effect on a world-wide scale. A year after, Morris was convicted breaking the Computer Fraud and Abuse Act.

3. ILOVEYOU Virus

The Attack: The ILOVEYOU virus or Millennium bug wreaked havoc in 2000. The perpetrator was a student from the Philippines that unleashed the virus as part of his thesis. Just when most of the world was still recovering from Y2K or Year 2000 bug, a calendar and data programming problem within computer systems at the wake of the new millennium, the ILOVEYOU virus contaminated data by duplicating itself through the victims’ contacts via email. People kept opening the emails since they were supposedly sent by trusted sources, and because of the intriguing  subject title, “I love You,” and the attachment file name, “Love Letter for You.” It proved irresistible not to open, as 50 million computers were infected worldwide in a matter of a few hours. At a time when people were not using security software or backing up their systems, the ILOVEYOU virus caused a tsunami of malicious emails within systems and agencies, and the damage caused took a long time to clean up. Since there were still no laws criminalizing cyberattacks during that time in the Philippines, the perpetrator was not charged criminally for the massive attack.

The Defense: Antivirus companies released a patch, although it took a while for everyone to download the fix. Antivirus software became a household name and the number one must-have for all computer owners from then on out. Sadly, 90% of all email sent today is spam, targeting employees and users from large networks where the most damage and the highest financial profits can be collected. Thus, the importance of making sure that your security system is reliable and always up-to-date, and the users of your network are practicing good cyber hygiene.

4. Phishing

The Attack: Phishing turned its ugly head out of murky cybercrime waters. It used emails as its mode of attack, but with a higher level of trickery than the ILOVEYOU bug. It copied trusted sources like banks or network providers to lure their victims. Phishing scammers use identical images, logos, email addresses, and the like to trick the victim into thinking they are corresponding with a legitimate member of the company or service being copied by the scammer. Even government officials have taken the bait of phishing scams, like what happened in the data breach of the Democratic National Committee in 2016, that was due to a phishing attack. The moment the victim clicks on the link or replies to the email, the attackers now lure them into giving up sensitive information, like addresses, credit card details, social security numbers, and the like. Social Media phishing attacks have become increasingly rampant as well.

The Defense: Phishing attacks may be simple, but most cyber attackers still use it today, simply because people are still falling for it. Most institutions defend against this attack through faithfully collecting data of possible phishing attacks from their customers, peers, and cybersecurity journals and the like. The discovery of these attacks is crucial at the onset, and once they uncover the attacks, their software security teams attempt to shut down phishing sites immediately. Usually, the company suffering from a phishing attack will send repeated message blasts throughout their network of customers and peers, to prevent further attacks from happening, and for consumers to be on the cautious side in the case of future attacks.

5. Ransomware

The Attack: Ransomware does more than lure people in. These kinds of attacks are unapologetically straightforward, stealing valuable data in your network, accounts, and physical devices to encrypt them and block the user from gaining access to their data or device. Attackers then communicate to the user that for them to regain access, they’d have to pay a certain amount. In some cases, the threat is to expose sensitive data publicly. This kind of attack has been used on private individuals to government officials, like the WannaCry attack in 2017 perpetrated by North Korean hackers who leaped through loopholes set by the US National Security Agency (NSA) and penetrated the Windows OS of more than 200,000 computers in 150 countries. North Korean hackers were also behind the release of private emails of some Sony Picture’s executives, trying to stop the worldwide cinematic release of the movie, “The Interview,” depicting their leader.

Webroot describes this labor-intensive kind of attack, “Ransomware requires criminals to execute a successful phish, exploit, or RDP breach to deliver their payload, bypass any installed security, successfully encrypt files, and send the encryption keys to a secure command-and-control server—without making any mistakes,” and “help the victim purchase and transfer the Bitcoin before finally decrypting their files.” 

Nonetheless, ransomware attacks remain a rampant strategy for cyber attackers today.

The Defense: Norton advises that you should refrain from paying any ransom since it does not give you any guarantee that you’ll regain control of your data, nor cyber criminals from ceasing from their malicious attacks against you and your data. The best defense is to back up your data. Security software developed this feature so you can restore your device to your most recent back-up point. Be cautious about suspicious emails from unverified sources to avoid phishing attacks that ransomware attackers use as well to breach your data. The use of robust, updated security software and firewall is a must, so your system has a way of scanning content and filtering messages coming into your mail server. Always confirm the source validity of suspicious emails with your IT department or contact the person through another means of communication Security software continually monitor vulnerabilities and attacks happening within their network, and releases patches or fixes right away to combat these attacks. Do not ignore these notifications and update your software when prompted. Avoid accessing your accounts through public wifi or public devices to minimise getting attacked and compromising your network as well.

6. Cryptojacking

The Attack: Cryptojacking embeds JavaScript code into a site so it can get the processing power of these sites to harvest cryptocurrency without the host even knowing it. The host will probably experience slowdowns in their system without even realizing that they have this parasitic cyberattack happening in the background. Since it embeds itself into the code, it’s hard to detect with standard security measures. Profits are attracting cryptojackers to keep doing this cybercrime because it takes little effort to earn millions. Coinhive, for instance, was discovered to perpetrate 60% of all cryptojacking attacks, causing the ire of the digital community. They shut their services in 2019, but other services quickly filled the void it left.

The Defense: The rise of Artificial Intelligence (AI) technology has proved so effective in defending against cyberattacks, including cryptojacking. Thru AI, codes can be thoroughly-checked and repeatedly scanned throughout the day, and at the onset of any malicious code, a warning or notification can be sent automatically to cybersecurity analysts and programmers for immediate defense.

These are some of the cyberattacks the world has seen. This video below gives you more insight into what cybersecurity has dealt with defending the digital world from cyberattacks.

The evolution of cybersecurity as a result of growing cyber threats and the evolution of cyberthreats also comes from the growing defense of cybersecurity. In the past, cybercrimes targeted single computers using single malicious attacks; today, the threats have become advanced and widespread, on multiple devices and users, on a global scale. Most security software has grown from its defensive measures to take on the offense in its stance against cybercrime. Installing security software in the past had only been an expensive option, but today, security software companies are releasing free versions of their app to keep the world safe. Having antivirus software, a VPN and a firewall system are basic and commonplace for internet users far and wide, proof that the awareness on cyberattacks is no longer a thing for internet experts alone.

Conclusion: Cybersecurity to Go With the Times

To be prepared for this next generation of cybercrime takes all of us to work together to keep ourselves and the digital community safe. Prevention is the first step to protection, and that begins by securing your own devices and network, knowing the latest threats and trends in cybersecurity, and getting the best security software that fits you. If you are a business owner, do not lag on your company’s investment in cybersecurity, as you owe it to your consumers who trust you to keep your network secure and their data safe.