When and how did IT become misappropriated for criminal intents and sovereign agendas? Here is a brief rundown of IT history…

The creation of the Internet happened in 1969 when the Pentagon’s Advanced Research Projects Agency was able to send a message from one giant computer at the University of California to another giant computer at the Stanford Research Center using “packet switching”.

According to the records, that first message, consisting of just one word “LOGIN”, crashed the system along the way to the destination. Only the first two letters were received. Yet, in the following years, more and more packet-switched lab computers were being networked via the Transmission Control Protocol (TCP) that would form the early beginnings of a global, accessible internet.

Then, in 1971, a computer engineer named Bob Thomas created the Creeper program, a self-replicating computer worm that was not intended to cause harm but to demonstrate the potential of self-replicating code. This worm sent a message to infected devices saying: “I’m the creeper, catch me if you can.” In response, Ray Tomlinson, the creator of e-mail, developed a program called Reaper that tried to track down and eliminate copies of Creeper.

The first era: 1980s

The idea of cybersecurity could be said to have begun at this time: the Reaper would be considered the first antivirus.

However, the first recorded instance of malicious computer activity that can be considered a true cybercrime occurred in 1983 when a computer scientist conducted an experiment in which he created a virus in a controlled environment to demonstrate the possibility of self-replicating malicious code. By some accounts, it was hidden inside a larger, legitimate computer program that was loaded into a computer on a floppy disk.

This would mark the beginning of the first era of cyber-security, where scientists became aware of the need to keep undesirable elements from being transmitted over networks.

Over that decade, a boom in malware occurred, comprising mostly annoying chain letters in digital form. The creators were not demonstrating any desire to make money from such practices at that time. The first commercial response to such cyber-nuisances came in the form of John McAfee’s VirusScan software.

The second era: 1990s

This decade marked the expansion of the internet, and saw an increased focus on network security. The Morris Worm’s impact was lingering, and new challenges emerged, including the proliferation of early malware.

Firewalls became crucial for defending against external threats. Public-key cryptography gained prominence for secure communication. The Computer Emergency Response Team (CERT) was established to respond to and mitigate cybersecurity incidents.

The third era: the 2000s

The new millennium began with the fear generated by the Y2K problem: that computer systems were faulty because the dates in their programs omitted the century. There were indeed serious losses and misconfigurations at the turn of the millennium, but what this situation really told us was that society was becoming dependent on technology. At the time, there was no awareness of the real damage that could be done through the network. This was to change with the notorious Loveletter phishing virus, also known as the Love Bug, which spread in just five hours across computers in Asia, Europe and America. This virus caused economic damage valued at 10 billion euros. Numerous government groups were also affected by this virus, raising awareness of the importance of cybersecurity.

Other cyber threats surging in the 2000s included the infamous Code Red and Slammer worms. Malware became more destructive, and compliance standards like HIPAA and PCI DSS were introduced to regulate security practices. Intrusion Detection Systems and Intrusion Prevention Systems emerged as key tools in this era, but the landscape remained dynamic and challenging.

The fourth era: the 2010s

Ransomware attacks began to emerge in an increasingly sophisticated form. It was in 2017 that the cyberattack known as WannaCry occurred: a state-sponsored attack that spread internationally. WannaCry did not make a huge difference in terms of profitability, as the ransom was only US$300, but it did mark the beginning of the political use of ransomware.

During the 2010s, Advanced Persistent Threats (APTs) rose to prominence, targeting organizations for extended periods of time with stealthy tactics. As more businesses adopted cloud services that introduced new attack vectors, cloud cybersecurity became crucial. Machine learning and threat intelligence were also becoming important for detecting and responding to cyber threats in real time.

Ransomware attacks continued to surge, combining the encryption of data with the leaking of sensitive data into the wild as ways to secure higher ransom payments.

The current era

Three years into the fifth era of cybersecurity, we have witnessed how automation and AI have been allowing threat actors to launch even more cyberattacks and ransomware attacks. As a result of the COVID-19 pandemic accelerating global digital transformation by a decade, new attack vectors escalated in 2020 and continue to grow with the rise of social media and generative AI.

Techniques such as deepfakes are managing to reliably impersonate relevant identities and companies to steal information; phishing attacks are becoming more convincing; and new variants of ransomware and malware are being developed rapidly and more cost-effectively. As cybercriminals’ techniques progress rapidly, cybersecurity is also using AI to refine its defensive methods to keep pace.

CybersecAsia would like to thank Check Point Software Ltd for sharing some of its research into the evolution of cybersecurity.