Cybercrime has become an all-too-familiar topic in today’s global headlines.
It’s clear that along with its multitude of benefits, the introduction of new technologies gives attackers opportunities to develop new and easier methods for infiltrating data systems to steal sensitive information.
This isn't a new phenomenon. In fact, it goes back not just decades but centuries.
Technically, the first cyberattack happened in France well before the internet was even invented, in 1834. Attackers stole financial market information by accessing the French Telegraph system. From that moment on, cybercrime has grown exponentially, marked by an intriguing history of tactics, techniques, and procedures—all implemented for malicious gain.
This article takes a look at cybercrime’s rapid evolution, with a focus on the most prevalent and damaging trends of the past decade.
History of Cybercrime up to 2010
If there was a Cybercrime Hall of Infamy, its halls would be lined with the names and faces of noted attackers whose “groundbreaking” work caught the eye of federal investigators and the envy of fellow hackers. In chronological order, here are several notable firsts—and the perpetrators behind them:
1962: The modern history of cybercrime began when Allen Scherr conducted the first cybersecurity attack, which he launched against MIT computer networks. He stole passwords from the database using a punch card.
1971: The first computer virus was created for research purposes by Bob Thomas at BBN Technologies. Referred to as the Creeper Virus, the self-replicating program was detected on the ARPANET in 1971 and foretold the potential of future viruses to cause significant damage to computer systems.
1981: Ian Murphy became the first person ever to be convicted for committing a cybercrime. He successfully hacked into AT&T’s internal systems and changed their computers’ clocks, causing havoc.
1988: The first major cyberattack on the internet came courtesy of a Cornell grad student named Robert Morris. The “Morris Worm” struck in the year before the World Wide Web debuted, back when the internet was primarily the domain of academic researchers. It infected computer systems at Stanford, Princeton, Johns Hopkins, NASA, Lawrence Livermore Labs, and UC Berkeley, among other institutions.
1995: Kevin Mitnick—one of history’s most notorious hackers—became the first person to penetrate large networks by manipulating people and using insiders to get the codes. He attacked Motorola, Nokia, and several other large networks.
New Technology Brings New Crime: The 1990s
The decade of the ‘90s gave rise to some of the greatest communication technologies known to mankind. And, above all, the internet evolved into the World Wide Web with the aim of connecting people across different communication networks wherever they were, all over the world.
Along with these advancements, however, cybercrime emerged. Hackers and bad actors leveraged the fact that as these new technologies were developed and built, trust and safety controls weren’t initially a major concern. Cybersecurity was a term yet to be coined, and the groundbreaking applications for communications and business efficiency were the principal focus, for good reason. Nevertheless, an underground economy was also born as a result.
Escalating rates of cybercrime signaled that attackers now enjoyed fresh opportunities to devise new means to gain unauthorized access and manipulate data across the web. And devise and manipulate they did.
Notable crimes of the decade:
1994: Datastream Cowboy and Kuji, a 16-year-old British schoolboy and his accomplice, used a “password sniffer” program to launch a series of attacks that crippled the Air Force’s Rome Laboratory in New York, while stealing research data used as attack instructions for warplanes in battle.
1995: Vladimir Levin was the first known hacker to attempt to rob a bank—and a very big bank at that. He hacked into Citibank’s network and conducted an abundance of fraudulent transactions. All told, he transferred more than 10 million dollars into various bank accounts worldwide.
1998: Max Butler, a security consultant for the FBI among others, hacked into US Government websites, ostensibly to fix a server vulnerability, but the U.S. Air Force alerted officials to his deeds and he received an 18-month sentence. Later, for another illicit foray, he was sentenced to 13 years, the most ever for a hacker.
1999: Computer viruses were relatively unknown to the general public until the Melissa Virus struck in March 1999 and affected users all across the internet by corrupting their Microsoft document files and causing an estimated $80 million in damages.
Cybercrime Ramps Up: The 2000s
The first decade of the new millennium witnessed more sophisticated attacks and an abundance of advanced persistent threat actors (APTs), most of which were sponsored by nation-states. The evolution of cybercrime meant new viruses and worms, which caused significant damage to critical sectors of the digital economy across the world. By decade’s end, cybersecurity was a concern of computer users everywhere, but especially for government agencies and large corporations, who had the most at stake.
Notable crimes of the decade:
2000: A 15-year-old hacker named Michael Calce, with the online handle “Mafiaboy,” launched a series of distributed denial of service (DDoS) attacks on some of the largest commercial websites, including Amazon, Yahoo, CNN, and eBay. The attacks brought the sites down for hours in some cases, and cost these businesses untold millions.
2005: A security breach at a U.S. retailer led to the data leak of 1.4 million MasterCard users of HSBC Bank. The bank had to issue letters to its customers.
2008: In one of the largest breaches ever, Heartland Payment Systems was attacked using a combination of SQL injection, password sniffers, and malware, and the data of 134 million users was compromised.
2010: The Stuxnet worm—called the world’s first “digital weapon”—attacked nuclear plants in Belarus, sabotaging the country’s uranium enrichment facilities.
2010: The Zeus Trojan virus was distributed around the world via email in an attack targeting financial services organizations. The 100+-person crime ring, based largely in the U.S., managed to steal more than $70 million from American banks.
Cyber Threats Grow Increasingly Sophisticated: The 2010s
Looking back at the past decade, we saw the rapid growth and evolution of cybercrime continue—turning what was once a cottage industry into “big business.” Attackers developed new malicious programs and techniques, which increased both the cybercrime rate and the number of cyberattacks per day. Trillions of dollars were lost.
It wasn’t like businesses didn’t recognize the dangers. Beginning around 2010, large organizations began employing more cybersecurity professionals to counter the risk of cyberthreats as the sense of assumed digital security dissipated. And with a demand for constant data security, a new field emerged, known as ethical hacking, its sole purpose being to discover vulnerabilities prior to malicious exploitation.
One way to gauge the growth of cybercrime over the past ten years is to understand how much the cybersecurity industry has grown in response to it. The figure below shows its steady growth, year over year:
The evolution and increased sophistication of different types of cyberthreats, and how they’re leveraged in attacks, puts organizations in precarious positions when it comes to defending against them. Following are some of the most common cyberthreats, along with some of the more notorious attacks in which they were used during the 2010s.
Malware is short for “malicious software.” It’s designed to harm systems and networks via intrusive and disruptive algorithms, changing the normalcy of processes, logic, and traffic flow.
Over the years, malware has evolved from simply shutting down a computer to destroying an enemy nation-state’s nuclear power plant. With the rise of mobile technologies in recent decades, the mobile malware evolution trajectory has eclipsed any type of malware introduced in modern technology.
With respect to the ongoing advances in malware, future attacks may be nearly impossible to detect and eliminate without damaging an entire network. These new strands of malware are being designed to intertwine with network DNA, morphing to resemble normal system activities and processes.
Spyware is a type of malware that infiltrates a computing device with the sole aim of secretly gathering critical information such as login credentials, system activities, or device location.
Spyware has evolved from its suspiciously noisy and resource-hogging beginnings to become more sophisticated and almost totally undetectable. Modern spyware, in fact, incorporates both technical and logical methods to disguise itself from system scans.
The following are notable malware and spyware attacks of the last decade:
2010: In a notorious nation-state attack, Operation Aurora was launched by Chinese military hackers on more than 20 leading technology companies. The attacks became publicly known when Google announced that its intellectual property had been seized in the attack.
2011: Sony Corporation announced in April that over the course of a few days hackers had stolen information from 77 million users of its Sony PlayStation. This included gamers’ usernames and passwords, their birthdates, answers to security questions, and more. It took 23 days to recover the system and remediate the threat.
2013: In perhaps the largest high-profile data leak of all, whistleblower Edward Snowden revealed sensitive information stolen from several foreign governments with spyware technology as part of the National Security Agency’s PRISM surveillance program.
Ransomware is a type of malware that takes digital systems and assets hostage. Ransomware can be downloaded onto a system through image and video files, and it has evolved over time to become increasingly destructive and difficult to detect and prevent.
Once attackers deny users access to their files or systems, they demand a hefty ransom payment in exchange for renewed access. Malicious actors typically demand payment in the form of cryptocurrency, such as Bitcoin. For a variety of reasons, victims are encouraged NOT to pay a ransom, but in reality, they often do; hence the continued success of this type of attack.
If possible, when interacting with downloadable files, scan them for known strains of ransomware code.
[Figure: The Speed at Which a Business Falls Victim to Ransomware]
Here are a few notable ransomware attacks in the last decade:
2015: The first strains of SamSam ransomware appeared, which by 2018 had earned its creator nearly $6 million. Among its highest-profile “hostage-taking” strikes were the City of Atlanta and the Colorado Department of Transportation.
2016: TeleCrypt ransomware appeared and largely targeted gamers, who downloaded it while playing games online. Luckily, a free decryption tool was quickly created by researchers at Malwarebytes.
2017: Perhaps the most insidious of all ransomware strains, WannaCry, managed to affect more than 200,000 Windows computers in 150 countries. It was especially dangerous—and deadly—as the UK’s National Health Service Hospitals were among the most devastated. It is widely assumed hackers in North Korea were behind the attack.
2017: Just a month later, piggybacking on the success of WannaCry, came NotPetya, an updated version of the earlier ransomware strain. It took out organizations from shipping giant Maersk to multinational pharmaceutical manufacturer Merck.
Man in the Middle Attacks (MitM)
Man-in-the-middle (MitM) attacks occur when cybercriminals intercept legitimate communications and control the flow of that communication. Both victims think they are communicating privately, but the attacker sits in the middle and deceives both of them.
These attacks are usually used to gather attack intelligence for future attacks. To prevent MitM attacks, end-to-end encryption is strongly advised.
Notable MitM incidents of the last decade:
2011: Following a security breach at Dutch certificate authority DigiNotar, an investigation by a third-party firm found that 300,000 Iranian Gmail users had been targeted in MitM attacks.
2013: A researcher discovered that Finnish telecommunications company Nokia was essentially conducting man-in-the-middle attacks on its smartphone users by routing HTTPS traffic through its own servers and decrypting the data. The company said it did so to compress data and keep rates and charges down.
2017: Equifax pulled its mobile apps from the Apple and Google app stores after discovering MitM vulnerabilities. This came right on the heels of its publicly announced data breach, wherein the personal information and data of more than 147 million Americans was compromised.
Distributed Denial-of-Service Attacks (DDoS)
Distributed denial-of-service attacks occur when perpetrators flood a system or network with process requests, making it unable to provide service temporarily or permanently. This attack sabotages operations and halts business and organizational services, making it possible for a cybercriminal to implement secondary attacks.
Notable DDoS attacks of the last decade:
2012: In September, six different US banks, including Bank of America, Wells Fargo and Chase, were attacked with 60 GB per second of traffic, leading to simultaneous website outages that meant customers had no access to online banking services.
2013: Spamhaus, an international electronic spam-fighting organization, was victimized by a then-unprecedented DDoS attack when it was hit with malicious traffic coming in at 300 GB per second.
2014: The websites of Occupy Central, a Hong Kong grassroots activist movement, were attacked with 500 GB per second intensity through the use of five botnets. The DDoS attack was meant to stifle the organization’s pro-democracy measures.
2018: In the biggest DDoS inundation to date, GitHub, a popular developer platform, experienced traffic of 1.3 terabytes per second, which halted all operations on its servers. GitHub had security measures in place, far more than most organizations, but was simply overwhelmed by the sheer size of the attack, the biggest ever on record.
Phishing is a social engineering attack, which attempts to trick users into revealing sensitive data that can facilitate malicious activities. Phishing has been used to illicitly extract usernames, passwords, PIN codes, banking credentials, and more.
Phishing has grown quite sophisticated; in many cases, users don’t even have an inkling something “phishy” is taking place. Today, almost every company advises employees about the dangers of falling prey to a phishing attack.
Social Media Phishing
Social media phishing is a kind of cyberattack which uses social media platforms to spread malicious content through deceptive links. When users interact with the malicious link, they are exposed to other malicious tactics such as email spoofing, drive-by download, and other credential-stealing schemes. Almost any invitation link on social media can lead to a phishing attack.
Voice phishing is a form of phone fraud where a caller gathers basic personal information that leads to credential hacking. Usually, victims are told of unusual circumstances about their accounts from the caller, and are asked to provide credentials for resolution purposes.
Voice phishing is, in fact, a form of social engineering. Therefore, organizations must advise customers to never give secret or personal information over the phone.
Notable phishing attacks of the last decade:
2013: Over 110 million Target customers had their credit card records stolen in a phishing attack. The scheme involved a malware-laden email to the company’s HVAC subcontractor, allowing the cybercriminals to obtain access credentials to the data.
2015: A successful spear-phishing attack against high-value Defense Department targets with customized emails led to a data breach, which compromised information for 4,000 military and civilian personnel who worked for the Joint Chiefs of Staff. The attack forced the Pentagon to shut down its email system. Only unclassified information was said to be leaked.
2016: The Austrian aerospace firm FACC AG was defrauded of 50 million Euros in a spear-phishing scheme that tricked a finance employee into transferring the money to bank accounts controlled by the cybercriminals. As a result, the company’s CEO was fired.
2017: A Lithuanian cybercriminal posed as an Asian manufacturer to deceive Google and Facebook employees into wiring over $100 million to untraceable offshore bank accounts. The swindle occurred over the course of two years before his capture. For their part, Google claimed to have recouped the funds it had lost.
2018: Cryptocurrency company EOS.IO was attacked. Cybercriminals posed as company representatives and contacted potential investors. The scam succeeded in luring many to provide their private key in order to claim unsold tokens.
Cryptojacking—An Evolving Threat
Cryptojacking involves the secret use of a computer to mine cryptocurrency. During a cryptojacking attack, attackers install a mining program on the target device by sending a malware file to the victim. This file grants the attacker total command-and-control of the device. This malicious activity occurs in stealth mode; victims are unaware that cryptocurrency is being mined on their device. However, the mining depletes other computer resources, and users may experience a significant reduction in computing power and speed.
The highest-profile cryptojacking attack to date:
2018: Perhaps the most noted of all cryptojacking instances involves the “Coinhive” attack. Coinhive was a popular cryptocurrency mining service that for a time was considered by leading security firms to be the top malicious threat to web users. Its code could be placed on hacked websites to steal the processing power of those sites’ visitors’ devices. For 15 long months, cybercriminals used the malicious program to infect millions of devices.
Evolution of Cyber Law
In the last decade, cyber-related legislation was introduced as a response to the growing magnitude of cybercrime in the world. Although nations are not yet fully conversant with cybersecurity, the evolution of cyber law has helped ensure the privacy and security of businesses and organizations across the internet.
Intercontinental cyber laws are destined for the near future, whereby multiple nations will merge their sovereign laws in efforts to reduce the preponderance and scale of cyberattacks. In the U.S. alone, the following legislative acts have already been passed:
- The CAN-SPAM Act addresses unsolicited email in relation to fraudulent activities
- The Computer Fraud and Abuse Act protects users from fraud and abuse
- The Electronic Communications Privacy Act prohibits an unauthorized third party from intercepting or disclosing communications
- The Identity Theft and Assumption Deterrence Act made identity theft an official federal crime
- The Trade Secrets Act provides American companies with federal protection against, and remediation for, the misappropriation of important proprietary information
The same advanced technology used for cybersecurity, including machine-learning and AI tools, is employed by today’s cybercriminals too. So, staying one step ahead of them is an ongoing challenge.
Preparing for the next generation of cybercrime requires users to become vigilant about which types of attacks are in the wild, and to clearly understand how to defend themselves against these threats.
Successful approaches to cybersecurity will include multi-pronged defenses. And it will involve service providers and third-party expertise, even for organizations large enough to employ comprehensive cybersecurity technology and expert staff in-house. What every organization needs to battle cybercrime today, as well as tomorrow, is a security operations center.
Enter Arctic Wolf
Arctic Wolf delivers personal, predictable protection from cybersecurity threats through an industry-leading security operations center (SOC)-as-a-service. Arctic Wolf™ Managed Detection and Response and Managed Risk services are anchored by the Arctic Wolf Concierge Security™ Team who provide custom threat hunting, alerting, and reporting. Arctic Wolf’s purpose-built, cloud-based SOC-as-a-service offers 24x7 monitoring, risk management, threat detection, and response. For more information about Arctic Wolf, visit https://arcticwolf.com.