Evolution of Cyber Attacks

“Although we must be prepared for a catastrophic large-scale strike, a Cyber Armageddon, the reality is that we have been living with a constant barrage of cyberattacks for some time. The trend, I believe, will continue”

– James Clapper

The quote above from James Clapper makes the point that our systems must always be resilient to cyber-attacks. It also speaks to the reality that every system is prone to attack, and the advancement in attacks the world is witnessing is petrifying. Looking at the history of cyber-attacks since the early 1980s, every organization has been targeted, whether IT, government, medical or financial. We can say that no system is secure; every network or system is vulnerable to attack. Below are a few attacks that show how the domain of cyber-attacks has advanced.

Let's start with cyber-attacks in the 1980s. The Morris worm, one of the (notable) initial forms of malware, was created in 1988 by Robert Tappan Morris, a student at Cornell University. His intention was to develop a program to determine the size of the internet. Even though it was a good thought, the malware infected more than 6000 computers, caused damage of around $10 million, and made the computers it spread to unusable.

Before the Morris worm, a computer worm called the Christmas Tree EXEC was developed by a student at the Clausthal University of Technology in Germany. It was an electronic Christmas message that became the first widely disruptive computer worm in the history of computing, at a time when we barely knew what an email was. It used text graphics to draw a Christmas tree and sent the email from the target's computer to the contacts in the file. It caused massive disruption across multiple computer systems, including the European Academic Research Network (EARN) and BITNET. There was another worm called Father Christmas, developed in the same year as the Morris worm, which attacked VAX/VMS systems using DECnet. This worm was able to send a Christmas greeting from the infected system as a greeting from “Father Christmas”.

Another worm that used DECnet was the WANK worm (Worms Against Nuclear Killers), which was created in 1989 and was the first major worm to have a political message. In the same year AIDS (Aids Info Disk) was also introduced. This trojan horse replaced the AUTOEXEC.BAT file and used it to count the number of times the system booted. Cryptovirology was invented in 1996 to design malicious software. The field was first introduced to show how public-key cryptography can be used to break the symmetry between what an antivirus analyst sees regarding a virus and what the virus writer sees. It is a basic version of ransomware. A logic bomb was introduced in the same year by Kevin Mitnick. It executes a malicious function if a specific condition is met.

Later, in the early 1990s, the evergreen and still scary concept of phishing attacks was introduced. The Melissa virus was created in 1999 by David L. Smith. It was the costliest attack to date, costing more than 80 million dollars, and he did not expect such a loss. It was the first macro virus to use the technique of sending emails to the first 50 contacts in the Outlook address book; no earlier virus had sent a Word document within an email.

In the early 2000s came the most destructive worm ever: the ILOVEYOU worm, introduced in 2000, infected millions of computers worldwide within a few hours of its release. It was written in VBScript by an AMA Computer College student. With the introduction of denial-of-service attacks in 2001, we learned that even DNS can be attacked. These attacks can corrupt the DNS paths that take users to Microsoft websites. In 2005 it was proved that efficient hacking can be done not only by a highly skilled security professional but also by a script kiddie. A member of a script-kiddie group that used bot attacks to send a large amount of spam was lured to FBI offices.

From 2006 there were many attacks. One of them targeted U.S. defense using spear phishing, which targets a particular user, and it led to changes in identity and message-source verification at OSD. The Conficker worm, introduced in 2008, uses dictionary attacks, botnets and many other malicious techniques that make it difficult to counter. It compromised millions of PCs worldwide, including many government-level top-security computer networks.

In 2011 we witnessed one of the so-called big attacks, which focused on entertainment giant Sony Pictures, where customers' passwords were stored in plain text. More than one million customer accounts, 75000 music codes, and 3.5 million coupons were uncovered.

In 2012, the biggest hack in history in terms of both cost and damage targeted the Saudi Aramco company: a cyberwarfare attack carried out over months using the Shamoon malware. It was done as a response to Stuxnet and destroyed 35000 computers.

In 2014, cyber-attacks were at an all-time high, with all the big names crippled by their own data breaches. Big names like eBay, Home Depot, JP Morgan Chase, Target, Sony Pictures, Gmail, AOL, UPS, Mozilla and Staples were a few of the companies that fell victim to cyber-attacks.

In 2015, the world's first digital weapon was created. It showed the world that it is possible not only to hijack a system and steal information but also to cause physical effects. It focused on the centrifuges used to enrich the uranium that powers nuclear weapons and reactors. The application was designed to destroy their high-frequency converter drives. The virus disabled 1000 to 5000 such drives, delaying the function for around 2 years. This worm is called Stuxnet, and it exploits multiple previously unknown Windows zero-day vulnerabilities to infect computers. It used the approach of advanced persistent threats (APT), which work like sleeper cells: they remain undetected for a long period of time and gain access to the network.

In 2016 the era of IoT cyber-attacks began with the Dyn cyberattack, in which IoT devices were infected with Mirai. Mirai is malware that turns networked devices running Linux into remotely controlled botnets.

The most recent and notorious attack, which happened in 2017, was the WannaCry ransomware attack. It showed that an attack does not affect just a few organizations or a few countries: more than 230,000 computers in over 150 countries can be affected. It encrypted data and demanded a ransom. Other big hacks of 2017 included the breach reported by Equifax, which was due to the open-source Apache Struts libraries.

In 2018, we learned that even hardware can be affected, with the discovery of Speculative Store Bypass (SSB). It is a hardware vulnerability that takes advantage of speculative execution. Last year in June another exploit of speculative execution, called Lazy FP State Restore, appeared, affecting Intel Core CPUs. A few of the interesting attacks in 2018 were on Facebook and Marriott Hotels, where the information of millions of customers was involved in the data breaches.

One cannot determine what happens next, but attacks will continue to grow. The attacks on countries in World War 1 were carried out with weapons and then advanced to nuclear bombs in World War 2; the next world war is going to happen as a cyber war, where we don't need any weapons or bombs, because a cyber-attack alone can cause more damage than they can. The next attacks might shift to a war of AI algorithms. AI is very hard to detect and will cause more destruction, as it can impersonate a person you find more trustworthy. So, the more technology improves, the more advanced attacks are going to become. The quote below describes the future of cyber-attacks.

“There are only two types of companies: those that have been hacked, and those that will be.”

- Robert Mueller, FBI Director, 2012

Clear InfoSec is the subsidiary of Ana-Data Consulting Inc. that provides Information Security Services to help organizations improve their security posture.