The only constant is that things change - the way cyber threats have evolved
Håkan Ahrefors, IT manager and security specialist at Advenica, reflects about the development of cyberattacks.
There are many statements that follows the theme: “the only thing constant is that things change”. In 2023, Advenica turns 30 and it makes me think in terms of what has changed. One thing that has been a "constant" is the change in the tug-of-war between attack and defence of IT systems.
IT systems have been under attack for a long time, but the approaches and reasons thereof have shifted. While the technical details of an attack vary with the technology used in the systems, there are also variations on a more conceptual level. Let us take a somewhat unscientific look at a couple of aspects of "malicious" behavior that vary:
a) Does the attacker want to be seen or stay hidden?
b) Does the attacker want to reach individuals or as many targets as possible?
c) Are the attacks driven out of interest and curiosity or to earn material things?
d) Is it individual perpetrators, a group of people or a state behind it?
The type of attackers, as well as their goals, is a historical journey from mainly lone curious "geeks" 40-50 years ago, to today's industrial ransomware groups. It looks something like this:
Of course, this is a grossly simplified image. Even today, there are still individuals who hack things for the sole sake of their own curiosity, but that is not the focus. An interesting shift occurs in the transition to identity theft and fraud. This is where the root of all evil appears. $$$! Once it becomes possible to earn something material, usually money, from an action, albeit a criminal one, the playing field changes in a way that becomes difficult for defenders to keep up with.
Some ransomware groups today are run more or less like multinational companies with an associated help desk and support functions. Defending against these threats is challenging – especially as an individual or as a small business, but also large companies and institutions have been disrupted over the years by the rise of ransomware.
Is it important to think back? Do we have to learn from history? Well, to meet today's threats, you cannot stay in the past. Regardless of the situation, sometimes you need to take time to think. It is in moments of reflection that one can stop and realise what change is required. It is also the case that, on a conceptual level, many of the issues we wrestle with have already been battered by repeated generations.
Sometimes I come across some declassified old report from the US DoD (Department of Defense) of the 70’s/80’s where they describe a struggle with the EXACT same security issues that we ourselves still are challenged by.
So, looking back not only provides important time for reflection. It provides a way to learn.
Håkan Ahrefors, IT Manager and security specialist