Cybersecurity began with an experiment. Bob Thomas was a researcher who discovered that a computer program could leave a trail as it traveled across a network. He sent such a program out with a message saying, “I’m the Creeper: Catch me if you can.” Another researcher saw it and made it self-replicating, producing the first computer worm. Today, cybersecurity protects against much more sophisticated problems, including ransomware, fileless malware, and nation-state attacks.
The 70s and 80s
In the beginning, threats to cybersecurity existed, but they mostly involved people reading files that they shouldn’t have been reading. Computer security back then was all about governance, risk, and compliance, and it didn’t take the same path as computer security.
The Russians used cyberpower as a weapon back then. In 1986, a computer hacker from Germany named Markus Hess was able to hack into an Internet gateway in Berkeley. He hacked around 400 military computers, among them mainframes at the Pentagon, and he intended to sell the information to the KGB. At this time, viruses became a serious threat rather than an academic trick.
The Viral Era
In late 1988, Robert Morris wrote a program that would infiltrate computer networks across the Internet. The program, the Morris Worm, copied itself from machine to machine, and it replicated so much that it caused the Internet to slow down. He was charged with Computer Fraud and Abuse Act violations, and the incident led to the Computer Emergency Response Team being set up to look for issues that could affect the Internet. After this, viruses became more and more dangerous and destructive.
Antivirus (AV) scanners could look through the binaries on a system for signatures, the patterns that had been found in known malware. The problem was that scanning used a lot of resources and gave false positives, so it interfered with productivity. Malware exploded, and by 2007 there were five million new samples per year. In 2014, 500,000 unique samples were produced each day. The next development was Endpoint Protection Platforms, which used signatures to scan for malware families.
Next came lateral movement: attackers could issue commands, run code, and spread across networks, moving from system to system stealthily. One exploit used this way is called EternalBlue. It exploits file sharing with the SMB protocol. It was leaked in 2017 and was used that same year as part of the WannaCry ransomware attack.