A decade of cybercrime

Since 2000, the number of internet users has grown fivefold from 361 million to 2 billion in 2011. We’ve also seen explosive growth in services and products available online. Today, almost any activity - from personal banking to shopping and social networking - can be carried out over the internet. As such, it has become a treasure trove of money and information that cybercriminals can exploit for their personal gain.

While these advances are both exciting and liberating for the consumer, allowing increased convenience and connectivity, it has led to escalating online threats that endanger both our money and our personal identity.

Over the last decade, we have seen four distinct movements occurring in the cybercrime landscape. From 2000-2003, cybercrime was all about notoriety. Every hacker wanted to show off their skills and expertise at duping the masses. The infamous ‘I love you’ worm is an example. This was delivered as a spam email with ‘I love you’ in the subject line and an attachment that purported to be a ‘love letter for you’. Tens of millions of Windows users were infected after opening the attachment, crippling their computers temporarily. However, none of these loud, attention-seeking cyberattacks led to any monetary return, which became the main prerogative in later years.

By 2004, cybercriminals had had enough of ostentatious attacks and were moving to crime for financial gain. Now, they sought ways to cloak their movements as they stole users’ information and money. Adware, or advertiser supported software, was employed to get the user to buy products or services from a link or pop-up. Adware vendors were highly successful during this time in growing their business, as unsuspecting internet users entered their personal details and downloaded this piece of adware. Spyware was also a significant threat at this time, tracking and recording websites visited, which became particularly dangerous with the increase in online banking and shopping.

Rootkits became the next big thing as cybercriminals developed software that could gain privileged access to a computer while also concealing the intruder’s presence. The goal was no longer to make noise, but to become practically invisible while simultaneously stealing money and personal details from their victims.

Also around this time, we saw a shift from lone attackers to organised gangs. Some even operated in Mafia-like structures, with malicious hackers, programmers and data sellers reporting to managers, who in turn reported to a boss who was in charge of distributing cybercrime kits. Attackers began looking for ways to exploit vulnerabilities in software before it had been patched, operating with discretion but also in ways that embarrassed software makers, squaring the blame with them.

By 2006, we started to see cybercriminals manipulate the Microsoft Windows software called Autorun, designed to automatically launch programs from external devices. By taking advantage of this feature, cybercrooks could get Microsoft’s flagship operating system to automatically launch malicious code.

Towards the end of the decade, unique services such as Facebook, Skype and Twitter launched, offering users new ways to stay connected with their overseas counterparts by sharing photos, videos and other information. The iPhone also came to market, transforming the mobile industry into a worthy target for cybercriminals.

With the increasing popularity of social networking sites, it became easier for attackers to gain a wealth of personal information, simply by interacting with users. They manipulate these sites to discover which topics interest specific internet users and then design attacks using popular subjects as a lure. Recently, cybercriminals took advantage of Facebook users’ curiosity over who was viewing their profiles, offering a fake application that, once downloaded, would provide insights into who viewed their profiles. However, the download also included malware that would then access their contacts, spamming their Facebook friends with messages advertising the very scam they fell for.

More recently, attacks have targeted not only consumers, but corporations, government and organisations. Cybercrime now also serves as a form of social protest or rebellion. The much-debated Stuxnet worm was aimed at taking down utility companies and control systems, posing a real threat to the way our world operates today.

Looking back on the last decade, we’ve seen cybercrime emerge as a lucrative business and sophisticated operation. Looking ahead, McAfee predicts that cyberattacks will become more targeted, taking advantage of location-based services, the proliferation of mobile devices and the increasing use of social networks. As we continue to innovate, so too do cybercriminals and the way they exploit internet users, increasing the need for internet users to stay vigilant and educated on the threats that face them.

By Michael Sentonas,Chief Technology Officer, McAfee APAC