Exactly
46 years ago today, on October 29, 1969, the first bits of data were sent over
long distance between two computers … and Internet was born. Admittedly, only first
two letters of the word "login" really made it to their intended
destination, it was the first step to a massive change that was about to impact
billions of lives world-wide. European
Cyber Security Month and International
Internet Day present a great
opportunity to remember how this global venture and its security has evolved.
Can you imagine how much the Internet has changed
since the late 60’s? Just compare the first webpage ever
with almost anything you see online today. Not mentioning that Internet
companies are providing jobs for millions around the planet. Pretty impressive,
right?
And it wasn’t only the content that has
made such a great leap forward. Also cyber security has become more challenging
and complicated, demanding more and more attention and resources.
Imagine Internet in its beginnings. It was more
of a safe, quaint town, where almost everybody knows everybody else by their
first name. Even malware was less harmful back then. For example the Creeper in
1971 was only an experimental self-replicating program very much innocent, even
in its intent that has peacefully spread through the Internet, displaying a
simple message “I'm the Creeper, catch me if you can!”
It was more along the lines of “look at me”
and it didn’t have the ambition to do much damage. The first threat that has actually
made it to news headlines was Morris
Worm, arriving in the late 80’s.
Distributed via the Internet, it has by
some conservative
estimates infected around 10 percent of all, then nearly 60-thousand computers
connected to this mysterious medium, effectively crashing them. With damages
estimated by US Court of Appeals at a 100,000 to 10 million USD (although
there were some saying it ranged up to 98 million USD) it “earned” its
author three years of probation, 400 hours of community service, and a fine of
over 10,000 dollars.
Megalopolis
and its villains
And then the big bang came. Between 1996
and 2008, the number of websites has jumped from 100,000 to 162 million and the
Internet started to resemble a global super city, where billions of citizens
live out their everyday lives amongst the new emerging dangers.
Unfortunately this legacy is alive and well
today and not everyone can be too sure to tell the difference between the safe boroughs
and the dangerous dark alleys and distinguish the good guys from the bad. Malware
tactics have changed too, becoming truly aggressive. Currently, it is not
uncommon to see malicious
software extorting users for money, stealing credentials or trying to take
over their devices. But that doesn’t satisfy malicious users, who are also
actively orchestrating a different form of attacks.
Through direct contact with the user, and
by applying social engineering techniques, they are trying to dupe the victims and
obtain their sensitive information, such as credit cards details, passwords or
even their online identity through phishing (via malicious emails) or fake
websites, which are laden with malware.
Even more advanced is the so-called APT
tactic (Advanced Persistent Threat). It is very well organized and funded,
stealthy and strongly focused on compromising specific commercial or
governmental targets. And its aim? To use social engineering and malware to
exploit vulnerabilities in order to extract valuable data and establish
long-term presence in the victim’s network.
From
Reaper to a more complex security
So we have learned our lessons. Or have we?
Today’s IT defenses are beefed up across the board, so even without the proper
knowledge, the risks can be at least partially reduced right off the bat. Since
the first simple “antivirus” designed to defeat Creeper – fittingly named
Reaper – security
solutions have become exponentially more complex, offering a wide range of
security services.
For example, today’s security software can
offer a safer online experience, by identifying malware just by the way
it behaves. At the same time, it can safeguard users from spam, phishing or
social engineering tricks pulled by malicious actors.
With booming Internet payments and online banking,
some of the solutions are also offering safer ways to do online transactions,
casting a security net around the financial details being exchanged.
Even losing a smartphone or tablet doesn’t
have to mean kissing your privacy and security good-bye. Some of today’s
software offers to track down a missing device to where you left it, or even
wipe its data
remotely in case it gets stolen.
But first and foremost, the users need to
start taking better care of their safety themselves. And the International
Internet Day is a good opportunity to remind us all of some of the best practices to apply
day-to-day.