Since 2000, cybercrime has changed on a large scale. Organized hacker groups have built tools designed to infect as many devices as possible and to extract maximum revenue from them. This is also the period in which malware targeting critical and industrial infrastructure emerged. Here is another installment of the history of cybercrime as summarized by Fortinet experts.
The Story of Cybercrime: The New Millennium and Worms
2005: Mytob / Zotob – worm, backdoor and botnet all rolled into one
Before Mytob, malware authors were mostly amateurs who wrote it as a joke or out of curiosity. The emergence of the Mytob / Zotob variants changed that.
Mytob combined the functions of a worm, a backdoor and a botnet. It infected devices in two ways. First, it used the contacts in the victim’s address book to spread automatically, mailing itself out as a malicious e-mail attachment. Second, it exploited protocol flaws that let it scan the network for vulnerable devices and then copy itself onto them.
Mytob was also one of the first types of malware to block, or even actively work against, antivirus software, preventing the victim’s computer from reaching the websites that hosted updates. It was very impressive for its time and spawned many variants with differing functionality. It consistently topped the list of biggest threats.
Mytob / Zotob variants shut down 100 companies, including the New York Times and CNN.
The era of spyware and search hijacking begins
2005: CoolWebSearch and BayRob
CoolWebSearch, commonly known as CWS, was the first tool that let cybercriminals hijack Google search results and substitute the hackers’ own “results.” CWS was mostly distributed through software downloaded from the Internet or bundled with adware. It was so widespread and so hard to remove that volunteers developed removal tools (such as CWS Shredder) and ran online forums to help people get rid of it for free.
A similar attack occurred a few years later, in 2007, when criminals hijacked eBay search results. In Ohio, a woman paid several thousand dollars for a car she was never going to receive. Authorities determined that the car was not actually for sale and that the BayRob malware on the buyer’s computer had “placed” the fake listings on her device. The FBI and Symantec patiently waited for years for the cybercriminals to make a mistake, and they were arrested in 2016.
Spyware, espionage and the discovery of state-built cyber weapons
The early 2010s saw the discovery of malware built to attack industrial control systems (ICS/SCADA). Stuxnet emerged as the first malware to target critical infrastructure. In this case the targets were industrial centrifuges (specifically those used for nuclear enrichment), which Stuxnet spun at excessive speeds until they were destroyed. It first struck organizations in Iran, but soon spread to SCADA systems around the world. Analysis of its code showed that it was not specific to the devices used in Iran and could be adapted to any company using ICS solutions. An article published in the NY Times in 2012 confirmed that Stuxnet was developed by the United States and Israel.
Regin was a modular remote access Trojan (RAT) that could easily adapt to its target environment. Exfiltrated documents were typically stored in an encrypted container. Because everything sat in a single file, it drew no suspicion from system administrators or antivirus programs. According to Der Spiegel, Regin was a creation of the US NSA and was intended to spy on EU citizens. This came to light through the documents leaked by Edward Snowden.
When it was discovered, Flame was considered the most advanced malware ever found. It had everything: the ability to spread over the LAN, to record and capture screenshots and audio, and to listen in on and record conversations. Flame’s targets were primarily organizations in the Middle East.