I’m The Creeper, Catch Me If You Can
By Adam Boad – CYSIAM Consultant
It’s been 50 years since what most experts agree was the world’s first worm. Although it had no malicious intent, ‘The Creeper’, created by Bob Thomas in 1971, was a piece of self-replicating code that gained access via the ARPANET to affect all mainframe computers running the TENEX operating system.
As new technologies and software are created, malicious code will only ever be one step behind. Throughout the 1970s and 80s, the damage done by malware was mostly localised, as use of computers and the internet was restricted to a limited number of academics and businesses. As the 1980s progressed, more significant pieces of malware were created, not just in terms of damage caused but also in respect of media recognition. In 1988, the Morris worm, named after its creator, Robert Morris, resulted in the first criminal conviction under the United States 1986 Computer Fraud and Abuse Act.
The 1990s saw the first hugely significant increase in the use of the internet, as it became publicly available. Rapid expansion in the number of emails being sent inevitably meant email-based malware wasn’t far behind. One of the most famous email-based worms, the ILOVEYOU worm, was sent as an attachment and used early social engineering techniques to disguise itself as a love letter for unsuspecting romantic hopefuls. ILOVEYOU would then propagate amongst the user’s files, sending copies of itself to the infected user’s contact list.
The noughties saw a big rise in the use of financial service trojans; in particular, Zeus, or zbot. The malware would be used to log the victim’s keystrokes, leading to the theft of their credentials, including, but not limited to, their bank details. To this day, Zeus is still seen re-appearing across the internet.
Malware has evolved into an increasing threat to individuals and businesses alike, with ransomware like Cryptolocker in 2013 laying down the gauntlet for ransomware gangs to follow. The widely reported WannaCry cryptoworm attack in 2017, which infected over 200,000 computers in the space of less than 8 hours, including devices owned by the NHS in the UK, is an example of how threat actors can also be a nation state.
Malware is a constant, ever-evolving threat internationally, with cyber security incidents caused by malware on an upward trend. All is not lost, though: there are practical, easy-to-implement practices that businesses of all sizes can adopt to prepare for and defend themselves against an attack. Some may include:
Backing up your data – As ransomware is ever more accessible to malicious actors, knowing you have a failsafe for your critical data should be of paramount importance. Failing to confirm that your backups are accessible when you need them is a common oversight, while maintaining backups in more than one location provides an extra layer of defence.
Train your employees – Train staff to identify, avoid and report socially engineered phishing attempts.
Monitor and reduce your attack surface – Ensuring your critical assets are constantly updated and monitored will help to provide a robust defence against a breach. Furthermore, reducing your attack surface limits opportunities for initial compromise, while also limiting vectors for movement within your network.
Policy Implementation – Follow security best practices when devising thorough risk management strategies and policies, and ensure they are updated in line with new types of attacks and malware.
In short, understanding how malicious software might be disguised, potentially by looking back at previous malware exfiltrations, may go a long way in protecting you from attacks. As new malware is created, it’s important to stay vigilant; implementing the four steps above will help you stay in front of the malware threat.