Skip links

It Started With a Creeper: Evolution of Cybersecurity

Catch me if you can

It’s 1971. The original Willy Wonka film has just been released, and Ernie’s the fastest milkman in the west. The World Wide Web wouldn’t be invented for another 18 years, but its predecessor, ARPANET, had already transmitted its first messages at the tail end of the 60s.

The handful of scientists working on this experimental computer network had managed to communicate between four different computers – three in California, one in Utah. These scientists must have had the fright of their lives when the words “I’M THE CREEPER: CATCH ME IF YOU CAN” flashed onto the screens of these computers.

Luckily, Creeper wasn’t harmful, and was actually designed by researcher Bob Thomas to demonstrate that it was possible to create such a thing. Creeper was simply a worm which wiggled from computer to computer, displaying its message and causing a bit of panic amongst the unsuspecting scientists.

Creeper wiggled, happily, for about a year, until a software to remove it was successfully created. Reaper would lie in wait, removing Creeper from the system as soon as it detected it and preventing it from spreading to other computers on the network.

A Cute Little Bunny Wabbit?

There are questions surrounding the viral nature of Creeper, as it would travel between computers instead of multiplying. In fact, the concept of a computer virus didn’t even come about until the 1980s, which was years after the first malware had hopped onto the scene. After the innocent Creeper, came the first self-replicating malware: Wabbit.

Once on a computer, Wabbit would quickly make copies of itself until the system was so overloaded that it would get slower and slower until it crashed entirely. However, unlike Creeper, Wabbit wasn’t interested in spreading to other computers on the network. Instead of needing a Reaper, the system just died entirely and the poor guy who’d been experimenting with the malware lost his job.

At this stage in the 70s, the computer industry was beginning to boom. The technology was getting better and computers were getting smaller. Microsoft formed in 1976, with Apple following just months later. Even the White House began to use computers, joining the many other consumers in connecting to one network.

When the 80s rolled around, IBM made one of the biggest steps forward in computer history through its creation of the personal computer. By 1988, there were over 60,000 computers connected to the previously tiny ARPANET network – and more and more of them fell victim to ever-evolving computer viruses, such as floppy disk virus Brain, the Morris Worm, and the first ransomware, the AIDS Trojan.

This boom in computer viruses led to the birth of the commercial antivirus programme. VirusScan by McAfee, Ultimate Virus Killer by G Data and NOD32 by ESET were all released in 1987, kickstarting the growth of the antivirus industry.

These traditional antivirus programmes are still around today, and work in very much the same way by scanning incoming pieces of code and comparing them to existing pieces of code in their databases. If the code matches some known malware, the antivirus will quarantine or remove it.

Countdown to March 6th

The growth of the antivirus industry continued well into the 90s, and with good reason. Computers were finally widely available to the public, and the World Wide Web soon followed. Of course, not far behind was an onslaught of computer viruses: by 1992, there were over 1300 in existence. This number continued to grow, partly thanks to the release of various virus ‘construction kits’ which allowed those with little programming experience to create viruses of their own.

The 90s also saw the first big, public computer virus scare with the Michelangelo virus, which was largely blown out of proportion by the media. The Michelangelo virus would infect a system and lay dormant until the 6th of March – the birthday of its namesake – when it would wake up and overwrite critical data on the system’s boot disk.

The computer world went mad. John McAfee estimated that over 5 million computers had been impacted, and the media spread the story of a devastating security incident which would cause absolute chaos. This caught the attention of the general public, who at this stage were largely unaware of the risks surrounding malware.

The 6th of March rolled around, and it turned out that only a few thousand computers had been infected – not quite the dizzying heights estimated by McAfee. The actual impact didn’t matter, though. The world already had their eyes on cybersecurity.

Time to get creative

In the years that followed, more and more unique viruses hit the mainstream and affected millions of computers. They took advantage of poor cybersecurity and awareness, costing lots of money and causing significant data breaches and system failures. What had started as simple trolling with the intent to cause a bit of chaos had become a very expensive problem. The Melissa virus was the first to use email to spread on a massive scale, causing losses totalling $80 million in the US. A year prior, the CIH virus had caused over $1 billion in damage.

In retaliation, antivirus software was produced on a mass scale, but this wasn’t enough, especially for larger organisations which relied on hundreds of computers. Soon came the wide scale formation of CERTs (Computer Emergency Response Teams) which handled the detection and response of any cybersecurity incident, including malware infections and data breaches.

Up until this point, most cybersecurity software and protocols were focused on minimising the damage a virus could make to a system once it had infected it. This changed in 1996, when a researcher at Microsoft developed the first VPN technology, known at the time as PPTP. The technology aimed to prevent malware from ever getting onto the computer by creating a digital tunnel between a computer and the VPN server. VPNs became available first for businesses, and then for your average computer user during the 2000s.

The 2000s as a whole saw malware threats get more malicious and more intelligent. The number of Distributed Denial-of-Service (DDoS) attacks increased, including Blaster Worm and variants of the Netsky virus. These attacks disrupted tens of thousands of businesses, and governments began to clamp down on hackers. In fact, the creators of both the Blaster Worm and the Netsky viruses – both teenagers at the time – were arrested and charged.

As more distinct types of malware were developed, cybersecurity software had to become more specialised. In 2005, the first anti-rootkit software was released, which would find and remove near-invisible pieces of malware. Hackers use rootkits to sneakily access your computer, controlling it and swiping important data, and the stealthy nature of them made it easy for traditional antivirus software to miss them. The 2000s also saw the introduction of CAPTCHAs, which served to differentiate between computers and humans, further increasing account security.

This increase in specialisation caused the size of antivirus programs to grow, which began to slow down the computers they were protecting. With this in mind, cloud-based anti-malware was developed, first by McAfee and then by AVG, which protects computers remotely from a cloud-based server. This also allowed for automatic software updates, which were increasingly important for keeping up with the fast evolution of malware.

A new target

Throughout the 2010s, attacks continued to advance. At this point, malware had progressed past the classic, retro-style pop-ups we all remember from the 90s and 00s, and hackers had become more ambitious. Just before Christmas in 2013, American retail company Target became the victim of the first big data breach. The sequence of events began with a phishing email to a third party vendor, and ended with the hackers acquiring 40 million credit card numbers and personal details of 70 million customers, including their names, pins, phone numbers and security codes.

This attack, among others, influenced many of the cybersecurity developments in the years that followed. Companies began to take cybersecurity much more seriously, and processes like two-factor authentication were introduced to prevent hackers from accessing accounts with just a username and a password. The concept of CAPTCHAs was revamped by Google, with reCAPTCHA replacing the distorted text challenges with a simple tick box, backed up by further challenges which ask a user to select images which fit a description.

Artificial Intelligence hit the cybersecurity scene in the late 2010s, using machine learning and behavioural detection technology to stay ahead of the ever-evolving threats by analysing past data to identify patterns and making predictions about future attacks. This was a job initially carried out solely by humans, but as organisations grew and more vulnerabilities were revealed, the task became too large to handle without AI.

Despite these developments, malware attacks didn’t disappear – as we are all aware. In recent years, the most common threat has been ransomware, which prevents users of an infected computer from accessing their files through encryption. The attacker will offer the victim a decryption key – in exchange for a monetary ransom. If your company’s systems are hacked by Ryuk, for example, you can expect to be asked for a ransom of over $1 million.

Today and beyond

VPNs are still one of the most popular security solutions of today, with about a third of all internet users estimated to rely on them. However, they aren’t perfect – whilst they do a great job of encrypting all information sent to and from your computer, they still create a large attack surface, leaving networks at risk of being hacked. This is particularly devastating when VPNs are used for remote working, as anyone who can obtain the correct login details can access the full network that the VPN was supposed to protect.

Zero Trust Network Access (ZTNA) is the next cybersecurity development regarding remote working, and requires the user not just to know a password, but to have the correct identity and be using the correct device in the correct location. ZTNA also allows users to only access what they need, rather than everything on the network – making it much harder for malicious users to run riot.

As technology on the whole develops, the cybersecurity industry is focused on building upon existing solutions to stay ahead of the game and continue to combat the threats created by cyberattackers. Technologies such as blockchain and the Internet of Things (IoT) offer new and exciting options for cybersecurity – but, at the same time, come with new challenges.

Leave a comment