In 1988, the Jerusalem virus appeared and swept across much of Europe. At the time, Peter Norton did not believe that viruses would ever be a serious problem for individual computer users.
So says Patrick Evans, MD of Symantec SA, who cites Norton's famous quote: "Viruses are like alligators in the sewers of New York, they don't exist." Evans adds that several of the technical people working for him disagreed, and they created Norton AntiVirus, which became a multimillion-dollar business. "Today, the security industry is worth billions, and ever-evolving."
According to Evans, the 1970s was a time in information security that was largely untouched by digital calamity, but marked by exploration of emerging telecommunications technology.
"Outside of blowing a vacuum tube or spilling coffee on a stack of punch cards, the battle back in those days had a lot more to do with making things work than with thwarting the wily hacker," he adds.
Nonetheless, he says hacking the phone system took centre stage during this time, as phreaking (phone hacking) hit the scene courtesy of the first modern hackers, and the people who set about trying to keep them from making free calls.
During the 1980s, Evans says a patchwork quilt of events was marked by technological advancement. "This decade ushered in the era of malware, marking the first virus, named 'Brain', in 1986, as well as the infamous Morris Worm in 1988. Importantly, the Computer Fraud & Abuse Act was instituted in 1986 and Kevin Poulsen brought hacking into mainstream public consciousness as he scored pole position on an episode of America's Most Wanted."
However, he says it was only in the 1990s when the real trouble began on the Internet and resulted in the dawn of the modern information security industry. "Notable threats of the 1990s included the Michelangelo virus, Melissa and Concept. Distributed denial-of-service attacks and the bots that made them possible were also born in the 1990s, with names like Trin00, Tribal Flood network and Stacheldracht."
Early victims
According to him, beyond malware, AOL suffered through the first real phishing attacks, as fraudsters aimed at nabbing a user's credentials. "Privacy watchdogs called out in concern as tracking cookies were born, allowing ad networks to monitor user surfing behaviours in a rudimentary fashion. Big personalities and tall-tales marked the 1990s, from the L0pht crew and Masters of Deception to hacker anti-hero Kevin Mitnick."
The troublemakers of the 1990s turned into criminals of the 2000s, adds Evans. "Adware and spyware kicked off the decade with their rogue marketeering and digital shoulder-surfing. Programs such as Conducent TimeSink, Aureate/Radiate and Comet Cursor were early players in the adware/spyware games that marked the first half of the decade and simmered on across the globe - causing disruption."
However, he says perhaps even more disruptive and visible than adware and spyware is the aggressively self-propagating malware that the 2000s have brought. Big name threats such as Code Red, Nimda, Welchia and Slammer all showed that unpatched machines and weak firewall policies were no match for rapid-fire vulnerability exploitation from self-replicating malware. While companies were busy cleaning up from the mess left behind by those worms, phishers were preparing their onslaught on trusted brands.
"The era of phishing and malicious Web sites was upon us and this is the decade where our time warp steps up to warp speed - zero day attacks, rootkits, rogue anti-spyware, SPIM, clickfraud and other attacks all made their mainstream debut in the current decade," he adds.
Today's dangers
Evans describes the Internet threat environment today as being characterised by an increase in data theft, data leakage, and the creation of targeted, malicious code to steal confidential information. Cyber criminals have continued to refine their attack methods in an attempt to remain undetected and to create a global network of criminal activity.
He says attacks have become more frequent, more varied and more innovative; there has been a major shift in the security industry from the idea of protecting the device or infrastructure, towards protecting the information and interaction.
"The need for security is obvious, but the need for security to become a total solution that focuses on integrity at every level of operation is still an emerging trend," he concludes. "As the threat landscape unfolds, vendors and their partners, new and old, need to continue to monitor and assess threat activity to prepare for the complex Internet security issues to come.
"They need to ensure businesses and consumers are conscientious as to how they go about securing their valuable information so they can operate confidently in today's digital environment."
Share
