Looking back at the ‘Evilution’ of cyberattacks

Thoroughly understanding the cybersecurity industry’s history can help organizations better understand today’s threats. Marc Laliberte, Technical Security Operations Manager at WatchGuard Technologies, says: “Better understanding how cybercriminals have evolved over time is extremely useful when developing the best strategies for preventing them in the future.”

Cyberattacks are ever-evolving, continuing to grow, change and loom over us in powerful new ways. WatchGuard was founded in 1996, a time when major security attacks rarely made the news and hackers were far less sophisticated.

Marc Laliberte, Technical Security Operations Manager at WatchGuard Technologies

Fast forward 26 years to today, when nation states and organized underground hacktivist groups launch formidable, widespread attacks targeting businesses, critical infrastructure, governments and more.

According to research from The World Economic Forum’s Global Risks 2021 Report, ‘among the highest likelihood risks of the next 10 years are extreme weather, climate action failure and human-led environmental damage; as well as digital power concentration, digital inequality and cybersecurity failure.’

Better understanding how cybercriminals have evolved over time is extremely useful when developing the best strategies for preventing them in the future. Have their motives changed?

How have advances in attack and defense techniques only fueled the fire between black hats and white hats? Thoroughly understanding the cybersecurity industry’s history can help organizations better understand today’s threats.

With that, let’s take a look at four notable attacks over the past 25-plus years and what we can learn from them (keep in mind, this list is not exhaustive and is just a sampling).

1998: Solar Sunrise

In February 1998, three teenagers (two from California and one from Israel) broke into Department of Defense (DoD) computers in a month-long series of intrusions that exploited a well-known flaw in the Solaris operating system.

Systems at the Air Force, the Navy, the Pentagon, NASA and other agencies were also hit. Where the exploit succeeded, the attackers installed a trojan and a packet sniffer, giving them access to sensitive data crossing those networks.

Fortunately, the attackers appear to have reached only unclassified systems. Investigators eventually traced the attacks to the three teenagers; the Israeli teen was later sentenced and served time in prison for his role.

The incident likely pushed governments around the world to take cybersecurity more seriously; the US government, for example, began deploying the EINSTEIN network intrusion detection program five years later, in 2003.

While the threat actors were curious teenagers rather than state-sponsored attackers, this early government hack proved that US government information systems were not as impenetrable as once thought.

2000: Love Bug (ILOVEYOU WORM)

In May 2000, a college student in the Philippines released the ILOVEYOU worm (also known as the Love Bug or Love Letter), which infected more than 10 million Windows computers. The email carried a Visual Basic Script (VBS) attachment that used a double extension, LOVE-LETTER-FOR-YOU.TXT.vbs: because Windows hid the final, known extension by default, the file appeared to be a plain text document.

When run, the script overwrote files such as images, documents and audio files with copies of itself, then mailed the same message to every address in the victim’s Outlook address book. The worm spread around the world within hours, causing an estimated $5–8 billion in damages. In 2012, Smithsonian magazine listed ILOVEYOU as one of the 10 most destructive viruses ever.
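The double-extension trick described above is easy to reproduce and easy to screen for. The following is an added example, not code from the original article or from WatchGuard: it models what Explorer showed a user with extensions hidden, and flags attachment names whose real (final) extension is executable while the visible one looks like a document. The extension lists and the sample attachment names are constructed for illustration and are not a complete policy.

```python
"""Screen attachment names for the double-extension disguise used by ILOVEYOU.

Added example, not code from the original article. The two extension sets
below are assumptions chosen for illustration, not an exhaustive policy.
"""
import os

# Extensions Windows runs as code when double-clicked (assumption: partial list).
EXECUTABLE_EXTS = {
    ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta", ".ps1",
    ".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".lnk",
}
# Extensions a reader takes for a harmless document or media file (assumption: partial list).
DECOY_EXTS = {
    ".txt", ".doc", ".docx", ".rtf", ".pdf", ".xls", ".xlsx",
    ".jpg", ".jpeg", ".png", ".gif", ".mp3",
}


def displayed_name(filename: str, hide_known_extensions: bool = True) -> str:
    """Return the name a user sees. With 'Hide extensions for known file types'
    on (the Windows default in 2000), Explorer drops the final extension, so
    LOVE-LETTER-FOR-YOU.TXT.vbs is shown as LOVE-LETTER-FOR-YOU.TXT."""
    if not hide_known_extensions:
        return filename
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename


def is_disguised_script(filename: str) -> bool:
    """True when the real (final) extension is executable and the extension
    the user would see is a document or media type."""
    name = filename.strip().lower()
    stem, real_ext = os.path.splitext(name)
    if real_ext not in EXECUTABLE_EXTS:
        return False
    # Later variants pad the name, e.g. "invoice.pdf            .vbs", so the
    # real extension scrolls out of view; drop that padding before looking at
    # the decoy extension.
    _, decoy_ext = os.path.splitext(stem.rstrip())
    return decoy_ext in DECOY_EXTS


def scan_attachments(filenames):
    """Return (real name, name as the user would see it) for each disguised attachment."""
    return [(f, displayed_name(f)) for f in filenames if is_disguised_script(f)]


# Constructed sample attachment names (not real mail data).
SAMPLE_ATTACHMENTS = [
    "LOVE-LETTER-FOR-YOU.TXT.vbs",
    "Q3-report.docx",
    "holiday-photo.jpg.exe",
    "invoice.pdf                                .vbs",
    "setup.exe",
    "readme.txt",
]

if __name__ == "__main__":
    for real, shown in scan_attachments(SAMPLE_ATTACHMENTS):
        print(f"BLOCK {real!r} (user would see {shown!r})")
```

Note that a plain `setup.exe` is not flagged: it is not disguised, and a mail gateway should be rejecting executable and script attachment types outright rather than relying on this heuristic alone. The check is useful as a detection signal and for explaining to users why the name they saw was not the whole story.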

At the time, the Philippines had no law against writing or distributing malware, so the student could not be prosecuted. In response, the Philippines, and other nations around the world, enacted new cybercrime laws.

2008: Operation Chanology

In 2008, the hacktivist collective Anonymous carried out Project Chanology (also called Operation Chanology) in an attempt to troll, discredit and disrupt the Church of Scientology. At the time, the church had drawn the ire of many Internet users, who criticized its legal actions, such as having a leaked Tom Cruise video taken down and targeting a Usenet Scientology newsgroup over claimed copyright violations.

Not only that, many of these netizens believed the Church of Scientology was a cult brainwashing its followers. The cyberattack campaign was one of Anonymous’ first ‘operations.’

The project ranged from prank calls and DDoS attacks that knocked the church’s websites offline to videos challenging the church’s claims. While the group caused the church no lasting damage, it did make ‘Scientology’ a top, and often negatively viewed, topic at the time.

While the industry didn’t have much sympathy for Scientology as a whole, the campaign put Anonymous operations on the map, and later operations targeted respected, legitimate organizations. Even though the group has no known leader or public members, Anonymous became one of the most feared hacking groups of the decade, and many people avoided disparaging it for fear of retaliation.

2010: STUXNET

Stuxnet was a state-sponsored cyberattack that targeted the supervisory control and data acquisition (SCADA) systems behind Iran’s nuclear program and caused it severe damage.

Beyond its clearly political, government-level aim, Stuxnet was the most sophisticated malware known at the time: it carried an unprecedented four Windows zero-day exploits, the first known programmable logic controller (PLC) rootkit, and much more, putting it far beyond the average cyberattack.

Stuxnet crossed the air gap into a heavily guarded uranium enrichment facility and sabotaged its centrifuges by altering their operating speeds while the PLC rootkit reported normal values to operators. To date, no one has claimed responsibility for the attack, but it is widely believed to have been a joint US and Israeli effort, part of the US operation code-named Olympic Games, reportedly begun under President George W. Bush in 2006.

Stuxnet was the first sophisticated government-sponsored cyberattack to be exposed so publicly, demonstrating that governments were using cyberattacks for their own ends. While cyber warfare existed before (albeit under the radar), Stuxnet opened the door to more state-sponsored threat actors and governments leveraging hacking for espionage and covert operations.

Cybercriminals took advantage of the public analysis of the malware by studying its techniques, going so far as to copy some of its zero-day exploits into their own tools. After Stuxnet, malware prevention and detection had to evolve to catch up with attackers and their exploits, a challenge that continues today.

We have seen our fair share of excitement over the last 25 years, with cybercriminals and their motives changing and evolving, and various groups stepping up to defend against attacks. It is important to keep both the challenges and the successes in mind when planning future cybersecurity strategies.

As the old saying goes, those who don’t remember history are condemned to repeat it.

Intelligent CISO