Love Letter for You

All that has changed now and cyberattacks are no longer the work of individuals seeking notoriety, they tend to be organised gangs or state sponsored, well funded, highly sophisticated and targeted and in most cases they have strong financial motivations. In fact, some claim that cybercrime is now more profitable than drug trafficking.
|

Don't be fooled by the title: this is not a love story. Fifteen years ago, on 5th May 2000, computer worm "I love you", also known as "love letter", started to spread. The malware disguised as a love email infected approximately 45 million users worldwide. It spread across three continents in five hours and made large corporations and governmental bodies shut down their servers completely to avoid infection. The cost to recover the files and repair the damages to email servers in the US is estimated at $15 billion.

The worm not only damaged the machines of all the lonely hearts that opened the attachment but it also accessed their address books to email itself to their full list of contacts. The fact that it came from trusted sources tricked people into opening the attachment.

Despite affecting tens of millions of computers globally and being one of the most widely spread computer worms to date, 'I love you' did not bring any profit to its creators; some notoriety in the cyber community, perhaps, but no hard cash. This is where the difference lies between then and now.

All that has changed now and cyberattacks are no longer the work of individuals seeking notoriety, they tend to be organised gangs or state sponsored, well funded, highly sophisticated and targeted and in most cases they have strong financial motivations. In fact, some claim that cybercrime is now more profitable than drug trafficking.

Cybercriminals monetise attacks in many ways including the sale of stolen data, which can be anything from personal contact and credit cards details to trade and government secrets. If 'I love you' had a more malicious intent, the value of possible stolen data would have been immense. So now instead of looking for widespread chaos and noisy 'hit and run' style campaigns, hackers focus on specific targets with an ultimate goal of remaining anonymous and undetected for as long as they can in order to keep performing their illegal activities in the network without being caught.

Advanced criminals keep a low profile and avoid well-known tactics and once some vulnerability becomes widely known, they develop new strategies. Their goal is to blend in with genuine users of their targeted organisations, so that it will take longer for their presence to be noticed. They will hide in plain sight; for example, by using malware disguised as files that look harmless, which was the same tactic used 15 years ago to spread the 'I love you' worm.

In response to these growing threats, organisations have increased their security and are investing not only on prevention but also on how to react during an attack and what to consider afterwards, how to learn from past breaches and identify and fix any vulnerability in their networks.

It is a never-ending battle and unfortunately cybercriminals will always be ahead in this race, as they are able to breach an organisation faster than most companies can respond, and the gap between attack time and response time keeps widening. According to the Verizon 2015 Data Breach Investigation Report, "in 60% cases attackers are able to compromise an organisation within minutes".

Attackers are increasingly more qualified and sophisticated, but you will still continue to see email phishing scams, as even though we should all have learned something important from this fifteen year old lesson, people continue to keep falling for them.

As the threat continues to evolve, security needs to keep climbing on the list of priorities as all organisations are a potential target. It is important that security threats and strategies become a more common topic in the boardroom, not only for the security professionals. Those responsible for addressing the protection of an organisation should consider not 'if' they will be compromised, but 'when' and implement defensive strategies that can deal with the entire attack continuum, before, during and after an attack.