Over the past decade, cybercrime has become big business — a $1.5T industry with an entire ecosystem of organisations run like legitimate organisations. Some offer technical leadership and step-by-step instructions through robust customer service via ransomware-as-a-service. The most brazen threat actors have even taken out pop-up ads selling their products.
Yet, while the cybercrime industry has exploded in the past ten years, the truth is that cybercrime is not a new kind of threat. In fact, it goes back not just decades but centuries.
The Fascinating History of Cybercrime
Technically, the first cyber attack happened in France well before the internet was even invented, in 1834. Attackers stole financial market information by accessing the French telegraph system. From that moment on, cybercrime has grown exponentially, marked by an intriguing evolution of tactics, techniques, and procedures — all implemented for malicious gain.
Still, cybercrime didn’t really find its footing until the mid-point of the 20th century. Spurred on by the digital revolution, cybercriminals became early adopters of technology, using their head start and their smarts to engineer new, devious ways to part people and organisations from their data and dollars.
If there was a Cybercrime Hall of Infamy, its halls would be lined with the names and faces of these noted attackers whose “groundbreaking” work caught both the eye of federal investigators and the envy of fellow hackers.
The modern history of cybercrime began when Allen Scherr launched a cyber attack against the MIT computer networks, stealing passwords from their database via punch card.
The first computer virus was created for research purposes by Bob Thomas at BBN technologies. Referred to as the Creeper Virus, the self-replicating program was detected on the ARPANET in 1971 and foretold the potential of future viruses to cause significant damage to computer systems.
Ian Murphy became the first person ever to be convicted for committing a cybercrime after successfully hacking into AT&T’s internal systems and changing their computers’ clocks, causing havoc.
The first major cyber attack on the internet came courtesy of Cornell grad student Robert Morris. The “Morris Worm” struck in the year before the World Wide Web debuted, back when the internet was primarily the domain of academic researchers. It infected computer systems at Stanford, Princeton, Johns Hopkins, NASA, Lawrence Livermore Labs, and UC Berkeley, among other institutions.
The 1990s: New Technology Brings New Crime
The decade of the ‘90s gave rise to some of the greatest communication technologies known to mankind, with the internet connecting people across different communication networks wherever they were, all over the world.
But it wasn’t all good news. Cybercrime grew in strength thanks to these advancements. Hackers and bad actors leveraged the fact that, as these new technologies were developed and built, trust and safety controls weren’t initially a major concern.
Cybersecurity was a term yet to be coined, let alone an active field, so creating groundbreaking applications for communications and business efficiency was the principal focus of these early days. Nevertheless, an underground economy was slowly growing in strength.
Escalating rates of cybercrime signaled that attackers now enjoyed fresh opportunities and were devising new means to gain unauthorised access to systems and manipulate data across the web. Here’s some of the notable cyber crimes of this decade:
Datastream Cowboy and Kuji — a 16-year-old British schoolboy and his accomplice — used a “password sniffer” program to launch a series of attacks that crippled the Air Force’s Rome Laboratory, while stealing research data used as attack instructions for warplanes in battle.
Vladimir Levin was the first known hacker to attempt to rob a bank — and a very big bank at that. He hacked into Citibank’s network and conducted an abundance of fraudulent transactions. All told, he transferred more than 10 million dollars into various bank accounts worldwide.
Kevin Mitnick — one of history’s most notorious hackers — became the first person to penetrate large networks by manipulating people and using insiders to get the codes to access Motorola and Nokia, among others.
Max Butler, a security consultant for the FBI among others, hacked into U.S. government websites under false pretenses. The U.S Air Force alerted officials to his misdeeds, and he received an 18-month sentence. Later, for another illicit foray, he was sentenced to 13 years, a record for a hacker.
Computer viruses were relatively unknown by the general public until the Melissa Virus struck in March 1999 and affected users across the internet, corrupting their Microsoft document files and causing an estimated $80 million in damages.
The New Millenium: Cybercrime Ramps Up
The first decade of the new millennium saw more sophisticated attacks and an abundance of advanced persistent threat actors (APTs), most of which were sponsored by nation-states. The evolution of cybercrime meant new viruses and worms, which caused significant damage to critical sectors of the global, digital economy.
By decade’s end, cybersecurity was a concern to computer users everywhere, but especially to government agencies and large corporations who had the most at stake. Here’s the most notable cybercrimes of the decade:
A 15-year-old hacker named Michael Calse — who went by the online handle “Mafiaboy” — launched a series of distributed denial of service (DDoS) attacks on some of the largest commercial websites in the world, sites like Amazon, Yahoo, CNN, and eBay. The attack brought the sites down for hours in some cases and cost these businesses untold millions.
A security breach at a U.S. retailer led to the data leak of 1.4 million HSBC Bank MasterCard users.
In one of the largest breaches ever, Heartland Payment systems were attacked using a combination SQL injection, password sniffers, and malware, compromising the data of 134 million users.
2010s: An Explosion of Cyber Attacks
The past ten years have seen an explosion in cybercrime, turning what was once a cottage industry into big business. Attackers developed new malicious programs and techniques, which increased both the cybercrime rate and the number of attacks per day. Trillions of dollars were lost.
Cybercrime wasn’t the only industry that saw huge growth. Organisations began employing more cybersecurity professionals to counter the risk of cyber threats as the sense of assumed digital security dissipated. And, due to the demand for constant data security, a new field emerged known as ethical hacking, whose sole purpose is to discover vulnerabilities prior to malicious exploitation.
The evolution and increased sophistication of different types of cyber threats and how they’re leveraged in attacks puts organisations in precarious positions when it comes to defending against them. Here are the most damaging attacks from this most damaging decade:
The Stuxnet worm — called the world’s first “digital weapon” — attacked nuclear plants in Iran, sabotaging the country’s uranium enrichment facilities.
The Zeus Trojan virus was distributed around the world via email in an attack targeting financial services organisations. The 100-plus-person crime ring, based largely in the U.S., managed to steal more than $70 million from American banks.
In a notorious nation-state attack, Operation Aurora was launched by Chinese military hackers on more than 20 leading technology companies. The public was first made aware of the attacks when Google notified the public that its intellectual property had been seized in the attack.
Sony Corporation announced In April that, over the course of a few days, hackers stole information from 77 million users of its PlayStation Network. This included gamers’ usernames and passwords, their birthdates, answers to security questions, and more. It took 23 days to recover the system and remediate the threat.
In perhaps the largest high-profile data leak of all time, whistleblower Edward Snowden revealed sensitive information stolen from several foreign governments with spyware software as part of the National Security Agency’s PRISM surveillance program.
Over 110 million Target customers had their credit card records stolen in a phishing attack. The scheme involved a malware-laden email to the company’s HVAC subcontractor, allowing the cybercriminals to gain access credentials to the data.
A researcher discovered that Finnish telecommunications Nokia was essentially conducting man-in-the-middle attacks on its smart phone users by sending HTTPs traffic through its servers and decrypting data. The company said it did so to help compress data and keep rates and charges reduced.
The first strains of SamSam ransomware appeared, which by 2018 had earned its creator nearly $6 million. Among its highest-profile “hostage-taking” strikes were the City of Atlanta and the Colorado Department of Transportation.
A successful spear-phishing attack against high-value Defense Department targets with customised emails led to a data breach of information for 4,000 military and civilian personnel who worked for the Joint Chiefs of Staff. The attack forced the Pentagon to shut down its email system.
TeleCrypt ransomware appeared and targeted gamers, who downloaded it while playing games online. Luckily, a free decrypt tool was quickly created by researchers at Malwarebytes.
The Austrian Aerospace firm, FACC AG, was defrauded of 50 million Euros in a spear-phishing scheme that tricked a finance employee to transfer the money into bank accounts controlled by the cybercriminals. As a result, the company’s CEO was fired.
Perhaps the most insidious of all ransomware strains, WannaCry, managed to affect more than 200,000 Windows computers in 150 countries. It was especially dangerous — and deadly — as the UK’s National Health Service Hospitals were among the most devastated. It is widely assumed hackers in North Korea were behind the attack.
Just a month later, piggybacking on the success of WannaCry was NotPetya, an updated version of the earlier ransomware strain. It took out organisations from shipping giant Maersk to multinational pharmaceutical manufacturer Merck.
A Lithuanian cybercriminal posed as an Asian manufacturer to deceive Google and Facebook employees into wiring over $100 million to untraceable offshore bank accounts. The swindle occurred over the course of two years before his capture. For their part, Google claimed to have recouped the funds it had lost.
In the biggest DDoS inundation to date, GitHub — a popular developer platform — experienced traffic of 1.3 terabytes per second, which halted all operations on its server. GitHub had security measures in place, far more than most organisations, but was simply overwhelmed by the sheer size of the attack.
Perhaps the most noteworthy of all cryptojacking attacks was Coinhive, a popular cryptocurrency mining service that, for a time, was considered by leading security firms as the top malicious threat to web users. Its computer code could be used on hacked websites to steal the processing power of that site’s visitors’ devices. For 15 long months, cybercriminals used the malicious program to infect millions of devices.
Capital One fell victim to one of the largest data breaches in banking history when over 100 million credit card applications were accessed and thousands of Social Security and bank account numbers were taken. Capital One spent around $150M mitigating damages.
2020 to Today: Billions of Dollars Lost
Neiman Marcus notified 4.6 million customers that a hacker had compromised online accounts in May 2020, gaining access to personal data such as usernames and passwords, customer names, contact information, credit card numbers, as well as expiration dates and virtual card numbers.
Russian cyberattacks on U.S. governmental institutions have been on the rise and, in one of the most catastrophic data breaches during all of 2020, foreign intelligence operatives took advantage of a compromised SolarWinds program and invaded an estimated 18,000 private and government-affiliated networks. These data breaches granted attackers access to an abundance of identifiable information, including financial information, source code, passwords, and usernames.
In early May, a suspected Russian hacking group took Colonial Pipeline offline for more than three days in an attack that made “ransomware” a household word. As Colonial provides 45% of the East Coast’s supply of gasoline, diesel fuel, and jet fuel, this was a major blow. Gas prices spiked across the country, some gas stations ran out of fuel, over-the-road deliveries were delayed, and there were even reports of gasoline hoarding.
The infamous REvil collective hit Florida-based software provider Kaseya with a ransomware attack, demanding $70 million in bitcoin. This attack impacted businesses across five continents — including shutting down public schools in New Zealand, closing a major grocery chain in Sweden, and disrupting operations for hundreds of businesses across the U.S.
The year closed out with the revelation of a zero-day threat that created massive waves in the cybersecurity industry, when security researchers published a proof-of-concept critical exploit for a remote code execution vulnerability in Log4j, a Java logging library used in a significant number of internet applications.
In the weeks following, businesses worldwide worked frantically to identify and mitigate the impact of the exploit, while security pros and experts released patches and scanning tools, and guided organisations on how to best protect themselves from attack.
In one of the more frightening displays of cybercriminals’ willingness to endanger the lives and livelihoods of strangers, the agency that administers social security for Costa Rica was shut down by a late May ransomware attack, an attack which spread to other offices in the country and caused a state of emergency.
A mid-September hack yielded a striking amount of material from a titan of the gaming industry. The hotly anticipated release of Rockstar Games’ Grand Theft Auto 6 was thrown into disarray when a hacker known as “teapotuberhacker” breached Rockstar’s internal Slack channel and purloined 90 videos of work-in-progress gameplay. But this hacker wasn’t done.
In an extremely similar Slack attack, teapotuberhacker lived up to their screen name on September 14 when they, well, hacked Uber. The international ride-share company was breached even more deeply than Rockstar, with the hacker gaining “pretty much full access to Uber,” including email systems, internal communications, cloud storage, and code repositories.
What’s Next in Cybercrime?
The same advanced technology used for cybersecurity — including machine-learning and AI tools — are employed by today’s cybercriminals too. So, staying one step ahead of them is an ongoing challenge. And, as the big business of cybercrime continues to grow, threat actors have begun collaborating with each other in a ransomware-as-a-service (RaaS) model to infiltrate organisations.
The RaaS model allows the developers of a ransomware variant to recruit affiliates that exclusively use their ransomware in targeted attacks on organisations. Any ransom payments extorted out of the victims are then divided up between the ransomware developers and affiliate who conducted the attack.
There’s no telling what new, devious innovations threat actors have in store for us over the next decade. Preparing for the next generation of cybercrime requires users to become vigilant about which types of attacks are in the wild — and to clearly understand how to defend themselves against these threats.
Successful approaches to cybersecurity will include multi-prong defenses. And it will involve service providers and third-party expertise even for organisations large enough to employ comprehensive cybersecurity technology and expert staff in-house. What every organisation needs to battle cybercrime today, as well as tomorrow, is security operations.
How Arctic Wolf Can Help
A proactive approach is the best way to fight emerging cyberthreats. Learn more about how industry-leading security operations solutions can help your organisation fight cybercrime.
Learn how to improve your security operations with our webinar, “So You Want To Level Up Your Security Operations.”