The evolution of cybercrime consists of 29 arbitrary round milestones and three arbitrary eras dividing them, starting from the year 2000.

Ever wondered what 20 years of cyberthreats will look like when represented graphically?

This is what it looks like, in a nutshell, thanks to John Shier, Senior Security Advisor, Sophos Security Labs.

The accompanying report shows how fast things change and how attackers learn from the past and each other. By innovating and adapting at ever increasing speed, this has shaped, and will continue to shape information security for the world to catch up on.

20 years go into 4, 8 and 8

The first four years: 2000 to 2004 

The early years of the millennium saw one worm after another unleashed onto the world. They rampaged across the internet with infection rates that could double in under 10 seconds, affect around 10% of all internet-connected hosts and, at one point, account for 25% of all spam.

Many of the worms abused vulnerabilities for which patches were already available and at least one showed constant development to outfox security detection. These worms caused around US$100bn in damages and mitigation costs overall, and paved the way for the massive spam-spreading botnets that would be used for ruthless monetization.  

The next eight: 2005 to 2012

These were the years when cybercrime became a business. Well-organized spammers targeted users with pharmacy scams and malvertising, and the landscape was changed forever by exploit kits and nation-state-sponsored threats and their advanced, expensive tools.

The Storm botnet, nicknamed “the world’s largest supercomputer”,  is estimated to have compromised between one and 10 million devices. In 2009/2010, Stuxnet showed the world how cyberweapons could be used to target physical systems, also releasing four zero-days into the wild that would be seized upon by cybercriminals aiming for financial gain. The rise of cryptocurrencies facilitated a new money-making opportunity for attackers: ransomware. 

The most recent eight years: 2013 to the present

Over the last few years, no cyberthreat has had a more damaging impact than ransomware. To date the damages and the impact of ransomware run into trillions of dollars. Away from ransomware, this era saw the transformational attacks of Wannacry and NotPetya; a continuation of the botnets; the worms; the spam and the leaking of nation-state sponsored cyberweapons.

Online payment theft, ever-more-sophisticated phishing, the decline of online privacy and everything-as-a-service that has brought cyberattacks within the reach of even the lowest-skilled cybercriminal—also feature in the increasingly complex and progressive threat landscape. 

What were the most important lessons, and ones have we still not learned from?