While the 1980s and 1990s saw the birth of modern cybercrime and new security solutions, the 2000s and 2010s were the scene of an increasing arms race between security experts and hackers. In addition, the development of Internet-connected smartphones, cloud-based services, and the continued growth of e-commerce greatly expanded the threat surface.
The new century also saw the emergence of more organized criminal organizations and state actors who used cyberattacks to enrich themselves or harm political enemies. This gave criminals more significant resources to develop attacks and expand their networks. They also adopted some new approaches.
By 2001, hackers were hiding malware on infected web pages, allowing them to get around the need to send attachments in malicious emails. Zero-day attacks were also developed early in the decade.
Mobile phones spawn mobile virus attacks
New technology brought new types of attacks. While there had been combination phone/personal digital assistant (PDA) hybrids in the 1990s, the first smartphones were released in 2001 and 2002 (the Blackberry being the most popular), followed by the first-gen iPhone in 2007. The first mobile virus was documented in 2004 (designed to infect the Symbian OS). Phones with data connectivity increasingly served as attack vectors for malware and other attacks as users accessed corporate email and websites on unsecured mobile networks.
In addition, cloud computing and hosted software applications began to grow in acceptance during the mid-2000s into the 2010s. This opened another avenue for cybercriminals since early users often aren’t required to connect to these offerings securely.
As new technologies grew, traditional antivirus software became less effective. Hackers were able to navigate around these solutions. New open-source antivirus tools were released to help developers, as well as cloud-based antivirus (in 2007) to reduce the drag these applications has on workstations. OS-based security also emerged during this period, with the need to regularly patch and update antivirus engines and software.
Social media spurs social engineering-based scams
Another critical development during this period was the rise of new social media platforms . Myspace, Facebook, LinkedIn, and Twitter were launched between 2003 and 2006. Criminals soon discovered that these sites contained valuable sources of information about potential targets. Social engineering-based scams were spawned that help boost the success of phishing emails. Since early social media users were inattentively sharing their personal information online such as pet names, maiden names, and child names, providing password hints that served as a goldmine for hackers.
Botnet blitz: the cyberattack on e-commerce giants
The cyberattack that hit major online services like Amazon, eBay, and Priceline in June and July of 2008 was orchestrated using a botnet that launched a series of Distributed Denial of Service (DDoS) attacks. Dmitry Olegovich Zubakha, identified as one of the perpetrators, was apprehended in Cyprus. He and his co-conspirator Sergey Viktorovich Logashov were charged with carrying out the attacks that significantly disrupted the usual traffic flow of targeted websites, rendering them unresponsive.
My team and I were at Priceline.com directly involved in the incident response. We helped in the investigation, and analyzed the attack tactics, and mitigated these DDoS attacks, all while coordinating with local and federal law enforcement agencies, including the FBI, to manage the attack’s impact. We also assisted in the investigation that led to the attackers’ capture. This event underscored the destructive potential of botnets, emphasizing the critical need for robust cybersecurity defenses in the digital age.
As we look back at the early 2000s, it is clear that it was a critical turning point in cybersecurity. The cyberthreat landscape evolved with dizzying speed, outpacing the tools and practices that were designed to protect against them.
Path to advanced real-time defense
However, the challenges we faced were not in vain; they paved the path for the advanced real-time defense mechanisms in place today. From the ashes of each security breach, in-depth and more intelligent solutions emerged, giving rise to an era where proactive defense is not just a goal, but a necessity. The dawn of real-time defense has taught us that in the digital age, vigilance and innovation are our greatest allies. As we continue to navigate through the complexities of cybersecurity, the lessons from the early 2000s remain a testament to our resilience and capacity for continuous transformation.
Looking ahead to the decade spanning from 2010 to 2019 in our next series we will explore a period characterized by the rise of the IoT. During this time we witnessed rapid growth in devices, bringing forth a whole new set of cybersecurity challenges. One major concern was that many of these devices lacked security features. With the adoption of homes, wearables, and connected vehicles, they expanded the cyberthreat landscape significantly. Most notably, this expansion resulted in a growing need to safeguard a network of interconnected devices. These advancements underscored the need for security frameworks and continuous evolution, both in cybersecurity strategies to effectively counteract the dynamic, and the ever-growing threats posed by the digital age.
Photo: everything possible / Shutterstock