The malware authors of the late 1980s and 1990s were tech-savvy people who tried to prove their skills by having a little fun and testing their limits. Some of the first malware was harmless, while other samples were really harmful.
The Cascade virus, for example, did no real damage, in the sense that it did not alter any files, spy on the infected device or steal data; it simply caused the letters on the screen of the infected device to “fall” and accumulate at the bottom, like leaves falling from a tree. Likewise, the Ping Pong virus showed a ball bouncing back and forth, and the worst thing this virus did was to crash the computer, but that only happened on certain types of machines.
At that time, viruses and malware spread slowly, mainly through floppy disks, meaning that it could take months for a virus to reach different countries. In fact, some of the first viruses are named after cities, such as the Vienna virus or Sevilla2.
Around 1996, macro viruses, designed to live inside Microsoft Word documents, began to become commonplace. The internet was starting to gain popularity at that time, and users were beginning to share documents, creating an opportunity for virus authors to spread their creations at a much faster rate than before.
In 1999, email worms began to circulate, ushering in a new era in the world of computer viruses, which would last for years. Melissa was the first macro virus to self-propagate, sending itself to the first 50 email addresses stored in Microsoft Outlook contacts.
The virus itself was not dangerous, but it caused email servers to collapse due to the large number of messages sent at once. In May 2000, the ILOVEYOU virus was released, infecting more than 10 million Windows computers worldwide. It would overwrite files and also send itself to all addresses found in an infected user’s registered Windows contacts.
During that time, “script kiddies”, young people with few programming skills, started to create their own malware, modifying script viruses, such as ILOVEYOU.
In 2001, vulnerabilities began to be exploited by viruses on a larger scale: Nimda, Code Red and Klez were some of the most popular. Two years later, in 2003, viruses jumped to a whole new level with the Blaster worm, which took advantage of a Windows weakness and was able to infect any unpatched computer without user interaction, just by having the PC connected to the Internet. Blaster performed widespread Distributed Denial of Service (DDoS) attacks.
But then, money came into play
As the different behavioral aspects of life migrated to the digital world (fitness, shopping, entertainment and banking), new ways for cybercriminals to make a profit emerged. Not long after financial institutions began offering banking services over the internet, the first banking trojans – malware designed to steal bank credentials – appeared, as well as the first phishing attacks. This started the era of cybercrime.
In 2004, we saw the first banking trojans being used, with basic but effective techniques.
These attacks evolved to the point where the professionalism of the people behind the malware development became visible.
A good example of this was Zeus, also known as ZBOT, first seen in 2007 capturing user credentials, changing web page forms and redirecting Internet users to fake websites (among other things), and consistently evolving over time. It spread across the internet until 2010 and its descendants are still widespread.
Many others followed suit (such as Gozi, Emotet and SpyEye), and to this day, attackers continually develop and release new variants to evade detection by security solutions on users’ devices.
Another type of trojan that became very popular among cybercriminals in the early 2000s as a way to generate income was the so-called “police virus”. When this type of malware infected a computer, a message was displayed saying that there was illegal content on the device (such as pornography, downloaded movies, etc.) and that, to avoid being prosecuted, the user had to pay a fine.
Many changed the background image of the victim’s Windows desktop to show that message, and even used the computer’s IP address to locate the person and show a personalized message. For example, if the citizen was in the USA, the false warning came from the FBI, in English and with the US flag; in Spain it was a message in Spanish with the local flag, posing as the Civil Guard or the National Police, among others.
After that, cybercriminals continued to target people’s secret data in different ways and make money using it, selling it on the black market, or even encrypting it and holding it hostage in exchange for a ransom (that’s what we call ransomware). But not just bank accounts and people’s personal data were being targeted.
Targeting large organizations to profit more
Cybercriminals have become more ambitious and have turned to larger entities and larger companies, with more assets to protect and more money to spend on ransoms.
They started gaining access to corporate networks and data, stealing and encrypting them or making a copy, and even threatened to release them to the public, unless a certain amount of money was paid to the agents behind the scam. This proved to be a very profitable business.
Over the past year, there has been a huge increase in the number of ransomware attacks, accentuated by the pandemic. Avast data confirm that ransomware grew 20% during March and April compared to January and February 2020. Organizations like Travelex, University of California, Communications & Power Industries (CPI) and the city of Florence (Alabama), to name a few, had to pay millions of dollars in ransom after being attacked in 2020.
The ways in which cybercriminals gain access to data vary, but some even offer “consulting services”, giving victims tips to protect their corporate networks to prevent future attacks.
The more money they receive, the more advanced attacks they prepare for the future and the greater the targets they can attack, including national and international organizations, and even countries as a whole.
Money in cybercrime
The number of households with home computers reached 27% and grew to almost 50% in 2019 worldwide. In addition, the number of internet users has quadrupled, jumping from 1.1 million to 4.1 million from 2005 to 2019.
The increase in the number of Internet and PC users, together with the innovation in the software and applications that people use – and, more importantly, what they use them for – has caused a change in the behavior of cybercriminals. Scammers have become real “entrepreneurs”, working independently as well as in gangs, and their motives have changed from “showing off, testing their skills and playing” to “focusing on financial gains”.
Instead of proving their skills by breaking the rules and creating chaos, most cybercriminals today just want to get more money. A recent global study confirmed that 86% of data breaches in 2020 were financially motivated. It is our job to protect ourselves in the best possible way and to ensure that we make it as difficult as possible for cybercriminals to make a living by spreading malware and taking advantage of others.
Luis Corrons, biweekly columnist of TecMundo, is Avast’s Senior Associate Researcher. Always attentive to the latest news on cybersecurity, malware and darknet, Luis is a veteran and speaker in the security sector. He is also a reporter for WildList, Chairman of the Board of Directors of the Anti-Malware Testing Standards Organization (AMTSO) and a member of the Board of Directors of MUTE (Malicious URLs Tracking and Exchange).