
20 years of cyberthreats that shaped information security

Sophos senior security advisor, John Shier, explores the defining threats from the last two decades and their legacy

In security we spend a lot of time trying to decipher the future. Where’s the next technology breakthrough? What are cybercriminals going to do next?

Annual reviews such as the Sophos 2021 Threat Report help this process by providing an overview of significant threat events of the past 12 months and identifying trends for future action and protection.

Looking back further than a year provides a valuable additional dimension. It allows us to see how different cyberthreats and attacker behaviors emerge and evolve, providing context and vital learnings for what we see today and are likely to see tomorrow.

Information security became a bona fide industry and professional discipline at the beginning of the current millennium. In a new report, Cyberthreats: a 20-year retrospective, we present a timeline of key threats and events from the past 20 years that have had the greatest influence on the security landscape.

The report shows how fast things change and how attackers learn from the past and each other, innovating and adapting at ever-increasing speed – and how this has shaped, and will continue to shape, information security.

What were the most important lessons – and which have we still not learned?

Three eras of cyberthreats 

2000 to 2004

The early years of the millennium saw one worm after another unleashed onto the world. They rampaged across the internet with infection rates that could double in under 10 seconds, affect around 10% of all internet-connected hosts and, at one point, account for 25% of all spam.

Many of the worms abused vulnerabilities for which patches were already available, and at least one showed constant development to outfox security detection. These worms caused around $100 billion in damage and mitigation costs overall and paved the way for the massive spam-spreading botnets that would be used for ruthless monetization.

2005 to 2012

The years when cybercrime became a business. Well-organized spammers targeted users with pharmacy scams and malvertising, and the landscape was changed forever by exploit kits and nation-state-sponsored threats and their advanced, expensive tools.

The Storm botnet, nicknamed “the world’s largest supercomputer,” is estimated to have compromised between one and 10 million devices.

In 2009/2010, Stuxnet showed the world how cyberweapons could be used to target physical systems, also releasing four zero-days into the wild that would be seized upon by cybercriminals out for financial gain.

The rise of cryptocurrencies facilitated a new money-making opportunity for attackers: ransomware.

2013 to Present

Over the last few years, no cyberthreat has had a more damaging impact than ransomware. To date the damages and the impact of ransomware run into the trillions of dollars.

Away from ransomware, this era saw the transformational attacks of WannaCry and NotPetya, a continuation of the botnets, the worms, the spam and the leaking of nation-state-sponsored cyberweapons.

Online payment theft, ever more sophisticated phishing, the decline of online privacy and everything-as-a-service that has brought cyberattacks within the reach of even the lowest-skilled cybercriminal also feature in the ever-growing, increasingly complex threat landscape.

Conclusion

We’ve come a long way in 20 years, and while there have been some harrowing moments, it’s important to reflect on our progress and celebrate our successes. The technological progress the world has witnessed would not be possible if it wasn’t for the professionals who work tirelessly every day to make the internet safer and more secure.

As our industry matures, we continue to demonstrate how the security industry is no longer the world of “no.” We’re enablers, collaborators, and innovators. One of our lasting legacies is that we continue to come together to solve problems. Whether it’s the Conficker working group, any number of ISACs, the Cyber Threat Alliance, hacker cons, or the recent COVID-19 Cyber Threat Coalition, we get things done.

The problems of this era, and those to come, are challenges we will rise to.

As the African proverb states, “If you want to go fast, go alone. If you want to go far, go together.” As we go together into the next 20 years, let’s remember that the fight is honorable and it’s worth it.