For more than 30 years, cyber attackers and security teams have battled it out across the digital landscape, one side looking for gaps and flaws to target, the other side fixing and protecting them. The pace of the conflict is accelerating. Today, there are more than 1 billion known malware programs. Of these, 94 million appeared in the last 12 months. In 2009, the annual figure was 25 million.
To mark Barracuda’s 20th anniversary, we took a high level look at how cyberattacks and cybersecurity have evolved since we started in 2003, and what might be waiting round the corner.
The landscape by 2003
By 2003, cyberthreats had begun to diversify and multiply, but attacks remained largely fragmented, disruptive, and often opportunistic. Viruses, worms, and other malware took advantage of the rise in business internet use but were not really implemented as part of organized cybercriminal attack campaigns. The attacks targeted laptops and desktop devices and looked for cracks in a defined and controlled access perimeter.
The corresponding cybersecurity landscape was focused on scanning for and detecting known malware by its signatures and on blocking spam, viruses, and basic web attacks. The static signature detection system was soon complemented by heuristic detection (detecting viruses by examining code for suspicious properties) designed to spot the growing number of previously unknown malware variants.
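To make the distinction between signature and heuristic detection concrete, the following is an added illustration, not Barracuda's code or any real scanner's engine: a signature scan matches exact byte patterns from a list of known samples, while a heuristic scan scores suspicious properties (API names associated with process injection, a high-entropy region that suggests packed or encrypted content) so that a mutated variant with no matching signature can still be flagged. All signatures, indicator strings, weights, thresholds and samples below are constructed for the demo.

```python
"""Added illustration (not Barracuda's code): signature-based versus
heuristic malware detection over constructed byte samples."""
import math
from collections import Counter

# Constructed "known malware" signatures: exact byte patterns a scanner
# would keep on file for previously seen samples. Not real signatures.
KNOWN_SIGNATURES = {
    "Demo.Worm.A": b"\xde\xad\xbe\xef\x13\x37",
    "Demo.Trojan.B": b"BADNESS-v1",
}

# Constructed heuristic indicators: each string is a legitimate Windows API
# name, but several together in one file are a common injection pattern.
# Weights and thresholds are arbitrary demo values, not tuned figures.
SUSPICIOUS_STRINGS = {
    b"VirtualAllocEx": 2,
    b"WriteProcessMemory": 2,
    b"CreateRemoteThread": 3,
    b"IsDebuggerPresent": 1,
}
ENTROPY_THRESHOLD = 7.0  # bits per byte; packed/encrypted data approaches 8.0
ENTROPY_WEIGHT = 3
ALERT_THRESHOLD = 4


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of the input (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def signature_scan(sample: bytes):
    """Return the name of the first known signature found in sample, or None."""
    for name, sig in KNOWN_SIGNATURES.items():
        if sig in sample:
            return name
    return None


def heuristic_scan(sample: bytes):
    """Score suspicious properties; returns (score, list of reasons)."""
    score, reasons = 0, []
    for indicator, weight in SUSPICIOUS_STRINGS.items():
        if indicator in sample:
            score += weight
            reasons.append(indicator.decode())
    entropy = shannon_entropy(sample)
    if entropy > ENTROPY_THRESHOLD:
        score += ENTROPY_WEIGHT
        reasons.append(f"high entropy {entropy:.2f} bits/byte")
    return score, reasons


def classify(sample: bytes) -> str:
    """Signature match wins; otherwise fall back to the heuristic score."""
    name = signature_scan(sample)
    if name:
        return f"known:{name}"
    score, _ = heuristic_scan(sample)
    return "suspicious" if score >= ALERT_THRESHOLD else "clean"


# Constructed samples. The "packed" region is a deterministic stand-in for
# encrypted payload data: every byte value equally often gives 8.0 bits/byte.
PACKED_REGION = bytes(range(256)) * 8
KNOWN_SAMPLE = b"header" + b"\xde\xad\xbe\xef\x13\x37" + b"payload"
# Same family, one signature byte changed (0x37 -> 0x38), so the exact match
# fails, but the injection APIs and packed region remain.
VARIANT_SAMPLE = (b"\xde\xad\xbe\xef\x13\x38"
                  + b"VirtualAllocEx\x00WriteProcessMemory\x00CreateRemoteThread\x00"
                  + PACKED_REGION)
CLEAN_SAMPLE = b"Hello, this is a plain text document about quarterly sales."
# A legitimate debugging utility: one weak indicator, low entropy -> stays clean.
DEBUG_TOOL_SAMPLE = b"usage: dbgcheck [file]\nIsDebuggerPresent\nprints 1 if attached\n"

if __name__ == "__main__":
    for label, sample in [("known", KNOWN_SAMPLE), ("variant", VARIANT_SAMPLE),
                          ("clean", CLEAN_SAMPLE), ("debug tool", DEBUG_TOOL_SAMPLE)]:
        print(f"{label:10} -> {classify(sample):22} heuristics={heuristic_scan(sample)}")
```

The variant shows why heuristics were needed as soon as attackers started churning out modified copies of known code: the signature scan returns nothing for it, while the heuristic scan flags it. The debug-tool sample shows the cost of that approach, a single legitimate indicator scores below the threshold here, but a heuristic engine tuned too aggressively produces false positives on exactly this kind of benign tool.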
Waiting in the wings, however, was the first push-enabled BlackBerry handset, released in 2002 — freeing employees and data from the traditional confines of the workplace. It wasn’t long before other devices, technologies, and applications followed, and everything changed forever.
By 2009, mobile devices, services, and software were taking over the business landscape. The security perimeter stretched ever further outwards, and attackers got organized. Financial fraud, phishing, ransomware, spyware, botnets, and denial of service (DoS and DDoS) joined the cyberthreat ecosystem — and didn’t leave. Some of the attack tactics first reported during this time — such as SQL injection — are still in use today.
To cope with larger and more varied digital workloads, virtual machines (VMs) and virtualization became integral components of IT networks. It can be harder to keep track of workloads and applications in a virtualized environment as they migrate across servers, which makes it more difficult to monitor security policies and configurations. Under-protected VMs can be targeted with malware and, once infected, can spread malware across the entire virtual infrastructure. Virtualization also offered some security advantages: a VM that is isolated from the wider network can be used for malware analysis, penetration testing, and scenario testing.
The age of modern ransomware had arrived. Web-based and social engineering attacks became widespread, and attacks by nation-state supported groups and hacktivists increased.
At the same time, the business need for scalable, accessible security that can be updated in real time and doesn’t drain resources drove security to the cloud and to as-a-service consumption models. Organizations also looked for security that could store and protect their growing volume of cloud-hosted assets, and for advanced email security to combat increasingly sophisticated email-based attacks.
As the decade progressed, cyberattacks became more prolific and destructive. Connected internet-of-things (IoT) systems and hybrid cloud/on-premises IT environments became common, offering attackers a broader attack surface and new points of weakness to target and exploit. Attackers were using fileless malware and legitimate or built-in IT tools to bypass security measures and detection.
The skills and resources needed to secure complex digital environments against such threats overwhelmed many organizations, and they turned in growing numbers to managed service providers for external support. Security provision became more flexible, available through the major online marketplaces and other service providers so that it could be bought and be up and running within minutes.
2017 was to be a defining year for cyberthreats and cybersecurity. It was the year the powerful exploit tool targeting the SMB protocol, EternalBlue, was leaked, and the year of two attacks with vast global impact — WannaCry and NotPetya.
Today, we see the internet-of-things evolving into the internet-of-everything (IoE). Security integration and visibility are struggling to keep pace — leading to security gaps that attackers are quick to target and exploit.
Both attackers and defenders are harnessing AI and machine learning — the first to craft ever more convincing social engineering attacks and malware; the second to develop ever more intelligent security tools to detect and block these.
With malware tools and infrastructure widely available as-a-service, cyberattacks are within the reach of many more criminals, powering the spread of ransomware, extortion and more — and homing in on businesses with many users, devices, applications, and data active far beyond what was once the perimeter.
Security has adapted, implementing single-vendor, end-to-end network security platforms that bring advanced security to the edge — known as Secure Access Service Edge (or SASE) — with Zero Trust based access controls, threat intelligence, incident response, and 24/7 security operations centers.
The Russia-Ukraine war that started in 2022 has also reminded the world how cyberattack tactics, such as DDoS, wipers, and more can be wielded as cyberweapons in times of geopolitical tension.
What does the future hold?
As we move towards the second half of this decade, we know that security perimeters are a thing of the past, and that attacks are more likely to have catastrophic results, simply because we have become so dependent on vast interconnected digital systems and infrastructure. Security needs to be embedded deeply into these systems.
We expect the widespread adoption of AI to continue, with significant repercussions for businesses, society, and geopolitical stability. AI will enable security operations centers to become intuitive and responsive, accelerating the detection, understanding and mitigation of complex incidents.
By the end of the decade, quantum computing is expected to become commercially viable, transforming everything from drug development and financial markets to climate change and weather forecasting. Quantum computing will also have a significant impact on cybersecurity, including the ability to crack traditional encryption.
Cybersecurity is a journey. Looking back across 20 years shows us that attackers and security teams have adapted continuously to the changing landscape and to each other, both sides driving and driven by change. Over the coming years, the pace of change will continue and accelerate. There will be new vulnerabilities and new threats, alongside decades-old tactics and weaknesses — security needs to be ready for it all.
Photo: Suthikiat Thaiprasansup / Shutterstock