The evolution of cyber threats: looking back over the past 10 years

Over the past decade, the world has witnessed a dramatic increase in cyber threats. The digital age has brought about new opportunities for innovation and growth but has also created new avenues for cybercriminals to exploit. The rise of new technologies, such as artificial intelligence, has enabled attackers to become more sophisticated in their methods. 

In this blog, we will look back at the evolution of cyber threats over the past decade and explore how businesses can adapt to these changes. We will also discuss how NordLayer protects your data and resources ahead of the curve.

Upsurge of cyber threats

The past decade has seen a rise in various types of cyber threats, from ransomware attacks to social engineering tactics. One of the most notable threats is ransomware, where attackers encrypt a victim's files and demand a ransom payment to restore access.

In 2020, ransomware attacks rose by 150% compared to the previous year, according to The Harvard Business Review. Another common threat is phishing, where attackers use social engineering tactics to trick victims into revealing sensitive information. Phishing is an effective and dangerous cybercrime because it relies on people's inherent trust in the internet. The idea that criminals would be able to fool you into giving up private information is hard for most people to believe, which makes it easy for even well-meaning people to fall victim to a phishing attack.

Impact on businesses

The impact of cyber threats on businesses cannot be overstated. Cyber attacks can result in significant financial losses, reputational damage, and legal consequences. According to a study by IBM, the average data breach cost in 2020 was $3.86 million. 

According to Forbes, small and medium-sized businesses are especially vulnerable. The impact of cyber attacks on businesses extends beyond financial losses, with reputational damage and loss of trust among customers also being significant concerns.

2009-2012: rise of advanced persistent threats (APTs)

The period between 2009 and 2012 saw a rise in advanced persistent threats (APTs). APTs are long-term attacks that focus on stealing data from a specific target and are highly sophisticated. The attackers would spend months or even years gathering information about their target before launching an attack. The goal was to steal sensitive information without being detected.

One of the biggest examples of this type of threat during this timeframe occurred in 2010, where Google and other companies were targeted in a series of APT attacks known as Operation Aurora. Attackers gained access to sensitive data and intellectual property by exploiting company software systems vulnerabilities.

Some ways to protect against APTs include:

1. Secure VPN: A secure virtual private network (VPN) that encrypts all data transmitted between the user and the internet. This ensures that sensitive information is kept confidential and protected from cyber attackers.
2. Next-generation firewall: A next-generation firewall can detect and block malicious traffic, including APTs. It also allows for granular control over network traffic, enabling administrators to restrict access to sensitive resources.
3. Intrusion Prevention System (IPS): IPS uses advanced techniques to detect and prevent APTs from infiltrating the network. This includes detecting and blocking attempts to exploit network and software vulnerabilities.
4. Threat intelligence: Ideally, a threat intelligence platform continuously monitors global threat activity and automatically updates security policies and rules to protect against new and emerging threats.
5. User behavior analytics (UBA): A UBA solution can identify and flag abnormal user behavior that may indicate a security threat, such as an APT. This helps administrators quickly detect and respond to potential attacks.

2013-2016: ransomware and business email compromise (BEC)

Between 2013 and 2016, ransomware and Business Email Compromise (BEC) attacks rose. Ransomware is a type of malware that encrypts a victim's files and demands payment in exchange for the decryption key. On the other hand, BEC attacks involve impersonating a senior executive and tricking employees into transferring money to a fraudulent account.

These attacks proved to be highly profitable for cybercriminals, with ransomware payments reaching billions of dollars annually. BEC attacks have also been on the rise, with the FBI reporting losses of over $1.7 billion in 2019 alone.

The WannaCry ransomware attack affected hundreds of thousands of computers in over 150 countries. The attackers demanded ransom payments in exchange for unlocking the affected systems. Another good example of these threats during this timeframe was the CEO Fraud in 2015, where tech company Ubiquiti Networks fell victim to a BEC attack that cost the company $46.7 million. The attackers posed as Ubiquiti executives and convinced employees to transfer funds to overseas accounts.

Some ways to protect against ransomware and BEC attacks include:

1. Email filtering: This service can help protect against BEC attacks by blocking suspicious emails that may contain phishing or malware links. This helps prevent employees from falling for social engineering tactics and inadvertently giving hackers access to sensitive information.
2. Anti-malware: A solution to detect and block ransomware before encrypting files on a company's network. This helps prevent data loss and minimize the impact of a ransomware attack.
3. Backup and recovery: Automated backup and recovery services can help restore data and systems during a ransomware attack. This helps minimize the damage caused by an attack and reduces the likelihood of paying a ransom to recover data.
4. User awareness training: Employee training and awareness programs help educate staff on recognizing and reporting potential security threats such as BEC attacks. This helps employees understand how to protect themselves and the company from cyber threats.
5. Access control: This feature allows administrators to restrict access to sensitive data and systems, helping prevent unauthorized access and reducing the risk of a successful ransomware attack.

2017-2020: Internet of Things (IoT) and artificial intelligence (AI) threats

The period between 2017 and 2020 saw the rise of Internet of Things (IoT) and Artificial Intelligence (AI) threats. This time frame saw the first cases of this type of attacks.

IoT devices are becoming increasingly popular for on-site and remote businesses, making them a prime target for cybercriminals. These devices often lack proper security measures, making them vulnerable to attacks.

Artificial intelligence plays an increasingly significant role in the evolution of cyber threats. On the one hand, AI is being used by businesses to improve security measures, such as detecting anomalous behavior and identifying potential threats. On the other hand, cybercriminals are also using AI to create more sophisticated attacks.

For example, cyber-criminals can use AI to generate realistic phishing emails that are more likely to trick victims into revealing sensitive information. AI is also being used to create deep fake videos and audio, which can be used for social engineering attacks.

The Mirai Botnet was a massive cyberattack in 2017 that compromised hundreds of thousands of IoT devices, turning them into a network of bots used to launch DDoS attacks on various websites. The botnet primarily targeted vulnerable IoT devices such as security cameras, routers, and DVRs that had weak or default login credentials.

According to a report from Wired, "Mirai was responsible for the largest DDoS attack in history, which peaked at 1.1 terabits per second and brought down the DNS provider Dyn, taking down popular websites including Twitter, Netflix, and Reddit in the process."

Another example was the 2018 DeepLocker; a type of AI-powered malware that is designed to evade traditional cybersecurity measures by using AI algorithms to hide and remain undetected until it reaches its target.

The malware is designed only to activate when it detects a specific target, such as a particular person's face or voice. The malware was created as a proof-of-concept by IBM's X-Force Red team to demonstrate the potential risks of AI-powered attacks.

Some ways to protect against AI attacks include:

1. Network segmentation: This feature can segment the company's network, separating IoT devices from other devices and systems on the network. This can help prevent an attacker from using an IoT device as a backdoor to access the company's sensitive data and systems.
2. Device management: This service ensures IoT devices are configured with the proper security settings and updated with the latest firmware and security patches. This helps prevent IoT devices from becoming a vulnerability and potential targets for attackers.
3. Behavioral analysis: Behavioral analysis detects abnormal activity in the network, which can help detect and prevent AI-based attacks. This includes monitoring the behavior of IoT devices and detecting anomalies that may indicate a potential attack.
4. Machine learning: Machine learning utilizes algorithms to analyze network traffic and identify potential threats. This includes the ability to detect anomalies in the behavior of IoT devices, which can help identify potential AI-based attacks.
5. Threat intelligence: Ideally, a threat intelligence platform continuously monitors global threat activity and automatically updates security policies and rules to protect against new and emerging threats, including those targeting IoT and AI systems.

2021-2022: supply chain attacks and Ransomware-as-a-Service

In 2021 and 2022, there has been a significant increase in supply chain attacks and Ransomware-as-a-Service (RaaS) attacks. Supply chain attacks involve targeting a third-party vendor to gain access to their customers' networks. These attacks have been highly successful, with cybercriminals targeting software providers, IT companies, and cloud service providers.

RaaS attacks involve renting out ransomware to other cybercriminals for a percentage of the profits. This business model has made it easier for cybercriminals to launch attacks, resulting in a surge of ransomware attacks worldwide. According to a report by SonicWall, there were over 304.7 million ransomware attacks in the first half of 2021, a 151% increase from the same period in 2020.

One of the biggest related incidents took place In 2020. The SolarWinds supply chain attack affected multiple U.S. government agencies and corporations. The attackers compromised SolarWinds' software updates and used them to distribute malware to their customers.

Another case worth studying is the Colonial Pipeline, a ransomware attack in 2021 that shut down a major fuel pipeline in the United States. The attackers demanded a ransom payment in exchange for restoring access to the company's systems.

Some ways to protect against Supply Chain Attacks and Ransomware-as-a-Service attacks include:

1. Vulnerability scanning: This service can detect vulnerabilities in software and systems that may be exploited in a supply chain attack. This includes identifying outdated software, unpatched systems, and other potential vulnerabilities.
2. Access control: This feature allows administrators to restrict access to sensitive data and systems, helping prevent unauthorized access and reducing the risk of a supply chain attack.
3. User awareness training: Employee training and awareness programs help educate staff on recognizing and reporting potential security threats, including supply chain attacks and ransomware-as-a-service. This helps employees understand how to protect themselves and the company from cyber threats.
4. Anti-malware: This solution can detect and block ransomware before encrypting files on a company's network. This helps prevent data loss and minimize the impact of a ransomware attack, including those delivered as a service.
5. Backup and recovery: Automated backup and recovery services can help restore data and systems during a ransomware attack. This helps minimize the damage caused by an attack and reduces the likelihood of paying a ransom to recover data.

2022-present: deepfake and synthetic identity fraud

In 2022, deep fake and synthetic identity fraud attacks became increasingly prevalent. Deepfake technology involves creating realistic videos or audio recordings that can be used to spread misinformation or conduct social engineering attacks. On the other hand, synthetic identity fraud involves creating fake identities using real and fake information.

These attacks have proven to be highly effective, with cybercriminals using deep fake technology to impersonate high-level executives or political leaders to spread false information. Synthetic identity fraud has also been on the rise, with losses estimated to reach $1 billion in 2022, according to the 2022 Internet Crime Report of the Federal Bureau of Investigation.

In the article TOP 5 cyber attacks of 2022, the best examples of this type of threat can be further analyzed.

How can NordLayer help?

Cybercriminals constantly evolve their tactics, making it essential for businesses to stay up-to-date with the latest threats. Cybercriminals use fileless attacks, which do not leave a footprint on the system, and supply chain attacks, where attackers target third-party vendors to gain access to a network. By understanding these tactics, businesses can take steps to protect themselves.

The past decade has seen a rapid evolution in cyber threats, with attackers becoming more sophisticated and their tactics becoming more advanced. Businesses must adapt to these changes by implementing robust cybersecurity measures to protect their data and resources. NordLayer remains committed to providing top-notch security solutions that evolve with the changing cyber threat landscape.

Our Zero Trust Network Access solution provides secure access to resources and data, while our ML-powered (machine learning) threat detection system prevents end users from accessing potentially harmful websites that may affect business operations.

As the cybercrime landscape develops, NordLayer continues to evolve its products to protect access to data and resources. Our security solutions include access control features, network segmentation, and secure VPN.

We continuously monitor the latest threats and adapt our products to provide the most robust protection possible.

Contact NordLayer and learn how we can help you secure your business.