The evolution of cyber threats and its future landscape

Abstract — This paper examines the evolution of cyber threats over the past decades, demonstrating how the progress and massive adoption of technology expand the attack surface, create new cyber threats, and amplify existing ones. The future landscape is outlined, including emerging technologies and the need to invest in cybersecurity to stay ahead of the threats while balancing legal, ethical, and professional implications.

Keywords — cyber threats, risks, cyber security.

I. The early nature of cyber threats

One of the earliest and most popular references in the cyber security field is the Ware Report [1], written in 1967 by the computer scientist Willis H. Ware. Ware was part of a Task Force of the Defense Advanced Research Projects Agency that aimed to study and suggest suitable computer security measures to protect classified information. The document lists three critical sources of vulnerabilities in computer systems: the users, the hardware, and the software. According to Ware [1], combining these elements leads to three categories of potential attacks: accidental disclosure, deliberate penetration, and active infiltration. The final report recommends a combination of hardware, software, communications, physical, personnel and administrative controls as the foundation for securing computer systems.

The 1970s saw the first reported cybercrimes [2]. In 1970 [3], a chief teller at the Park Avenue branch of the Union Dime Savings Bank in New York manipulated the information on the bank’s system to steal $1.5 million from hundreds of bank accounts. In 1971 [3], Bob Thomas, a computer programmer, developed what became known as the first computer virus, named Creeper. The virus infected the systems of the Advanced Research Projects Agency Network (ARPANET). Later, in 1977, someone gained access to the computer centre of the chemical company ICI, stole hundreds of original computer tapes, and tried to extort the company by demanding 275,000 pounds sterling [4].

II. The CIA triad: Confidentiality, Integrity, and Availability

In 1977, Ruthberg and McKenzie [5] introduced the CIA triad concept. The CIA triad is a widely accepted concept in information security that refers to the three core principles of confidentiality, integrity, and availability. Confidentiality refers to ensuring that sensitive data is protected from unauthorized access. This means that only authorized individuals or entities should access sensitive data, and that data should be encrypted or otherwise protected when transmitted or stored. Integrity refers to the principle of ensuring that data is accurate and reliable. This means that data should not be altered, tampered with, or destroyed without authorization, and any changes made to data should be tracked and monitored to ensure validity. Availability refers to the principle of ensuring that data is accessible and available to authorized users when needed. This means that data should be stored on reliable systems that authorized users can access at any time and that systems should be designed to minimize downtime or disruptions. The CIA triad is often used as a framework for developing information security policies and procedures.

III. 1980–2000 and the Internet

The development of the World Wide Web in 1989 [6] and of web browsers in the early 1990s expanded the attack surface and led to the spread of new cyber threats such as malware, phishing, hacking, and identity theft [7]. Malware, which includes viruses, worms, and Trojan horses, is among the most common cyber threats related to the rise of the Internet. It is designed to damage, disrupt, or gain unauthorized access to computer systems or networks, and it spreads via email attachments, infected websites, or software downloads. Phishing is a cyber threat intended to persuade users to share personal data. It is typically carried out by impersonating a reputable company or organization to request sensitive data or credentials, leading to identity theft. Cybercriminals then use the stolen information to open new credit card accounts, apply for loans, or make unauthorized purchases. Finally, hacking is an attack intended to gain unauthorized access to computer systems or networks by exploiting software flaws or vulnerabilities.

IV. The emergence of Ransomware, the growth of Cyber Espionage, and the impact of Social Engineering

With the growing use of technology came a new form of crime — cybercrime — which has evolved significantly over the past two decades [8]. From the early days of viruses and worms, cyber threats have grown in complexity and sophistication, posing significant challenges to individuals, organizations, and governments [9][10]. Malware attacks became more prevalent and sophisticated, and their impact grew significantly. Phishing emerged as a new form of cyber threat in the mid-2000s. The rise of online banking and e-commerce made phishing attacks more lucrative for cybercriminals, and they became more sophisticated over time. Ransomware [11] emerged in the early 2010s as a new form of cyber threat. It involves encrypting a victim’s data, followed by a demand for payment in exchange for the decryption key. Cyber espionage, which involves using cyber tools and techniques to steal sensitive information from governments, businesses, and individuals, emerged in the early 2010s [12] and has become a significant threat to national security, with many governments investing heavily in cybersecurity to protect against these attacks.

Supply chain [13] cyber threats have become more prevalent in recent years, with high-profile attacks on companies such as SolarWinds and Microsoft. As a concrete example of a supply chain attack, on June 27, 2017, a cyber attack known as NotPetya [14] was launched in Ukraine. The attack quickly spread to other countries, affecting organizations globally. It started by targeting the update process of M.E.Doc, a well-known Ukrainian accounting software package used by nearly all Ukrainian companies. The attackers modified the software’s update mechanism to spread malware to other computers connected to the network. The malware was designed to wipe out data on infected computers, making them unusable. It also had a built-in mechanism that allowed it to spread to other computers on the network, which led to the rapid spread of the attack. The attack affected thousands of organizations in over 64 countries, including multinational corporations such as Maersk, Merck, and FedEx. The NotPetya attack was particularly devastating to the supply chain industry. Maersk, the world’s largest shipping company, was one of the worst affected organizations. The attack disrupted Maersk’s operations, causing massive delays in shipments and costing the company hundreds of millions of dollars. The attack also affected other companies in the supply chain industry, causing delays in shipments and disruptions in supply chain operations.

Another recent trend is Distributed Denial-of-Service (DDoS) attacks, which involve multiple attackers targeting the same service and can be particularly difficult to mitigate. In October 2016, a DDoS attack [15] was launched on Dyn, a Domain Name System (DNS) provider that offers services to some of the world’s most prominent websites, including Twitter, Netflix, and PayPal. The attack caused significant disruption to these services, rendering them inaccessible for hours. The attack targeted Dyn’s DNS infrastructure, which acts as a directory for the Internet, translating domain names into IP addresses. By overwhelming the servers with an enormous amount of traffic, the attackers effectively shut down the company’s DNS service. The attack was carried out using a botnet, a network of infected computers controlled remotely by the attackers. The botnet used in this attack was the Mirai botnet, which had been created by infecting Internet of Things (IoT) devices such as routers, cameras, and DVRs. The attackers were able to gain control of these devices by exploiting their weak security protocols. The Mirai botnet was capable of generating a massive amount of traffic, estimated to be over one terabyte per second, making it one of the most significant DDoS attacks ever recorded. The attack was also unusual in that it targeted a DNS provider rather than a specific website, causing a ripple effect that affected multiple websites.

As a future outlook, artificial intelligence (AI) must play a critical role in the future of cybersecurity [16], as it can be used to analyze large amounts of data to identify potential threats and to automate the response to cyber attacks. However, as AI becomes more prevalent in cybersecurity, it is also likely that cybercriminals will find ways to exploit AI systems. Future attacks might also involve the Internet of Things (IoT) [16], which refers to the interconnected network of devices like smartphones, smart homes, and industrial systems. As the number of IoT devices increases, so does the potential for cyber attacks [17]. IoT devices are often poorly secured, and cybercriminals can use them to gain access to other systems. IoT attacks could have significant consequences, such as disrupting critical infrastructure or causing physical harm. Finally, quantum computing [16] is a rapidly advancing technology that has the potential to revolutionize cybersecurity, but it could also be used to break encryption algorithms. As quantum computing advances, encryption algorithms will likely need to be updated to remain secure.
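The NotPetya case above turned a vendor's update channel into the delivery path for malware. The Go program below is an added example, not code from this paper or from any vendor, showing the client-side check that addresses that risk: an update is accepted only if its manifest is signed by a pinned publisher key and the payload matches the signed digest. The manifest layout, function names, keys, and payload strings are hypothetical and constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Manifest is a hypothetical update descriptor that the publisher signs offline.
type Manifest struct {
	Version string
	SHA256  [32]byte // digest of the update payload
}

// encode returns the exact bytes that are signed and verified.
func (m Manifest) encode() []byte {
	return append([]byte("update-manifest-v1|"+m.Version+"|"), m.SHA256[:]...)
}

// VerifyUpdate requires a valid publisher signature AND a matching payload digest.
func VerifyUpdate(pinned ed25519.PublicKey, m Manifest, sig, payload []byte) error {
	if !ed25519.Verify(pinned, m.encode(), sig) {
		return errors.New("manifest signature invalid")
	}
	if sha256.Sum256(payload) != m.SHA256 {
		return errors.New("payload does not match signed digest")
	}
	return nil
}

// Demo runs three constructed cases; keys and payloads are test values only.
func Demo() (genuine, swapped, forged error) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
	rogue := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x66}, ed25519.SeedSize))
	pinned := priv.Public().(ed25519.PublicKey)
	good := []byte("accounting-suite 2.1 (constructed sample)")
	bad := []byte("accounting-suite 2.1, tampered (constructed sample)")
	m := Manifest{Version: "2.1", SHA256: sha256.Sum256(good)}
	evil := Manifest{Version: "2.1", SHA256: sha256.Sum256(bad)} // manifest rewritten too
	sig := ed25519.Sign(priv, m.encode())
	return VerifyUpdate(pinned, m, sig, good), // untouched update
		VerifyUpdate(pinned, m, sig, bad), // payload swapped on the server
		VerifyUpdate(pinned, evil, ed25519.Sign(rogue, evil.encode()), bad)
}

func main() {
	fmt.Println(Demo())
}
```

This check only helps when the signing key is kept off the update server; it does not detect malicious code that was introduced before the publisher signed the release.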

The increasingly diverse nature of cyber threats has important legal, ethical, and professional implications [18]. Individuals and organizations may be held liable for damages caused by cyber-attacks and must adhere to data protection laws and regulations, while cyber security professionals have a professional obligation to maintain the integrity of their work and to adhere to ethical principles, such as responsible disclosure of vulnerabilities. The most significant implications concern privacy, intellectual property, liabilities, international criminal activity laws, ethical hacking, and cyber warfare. Professionals, organizations, and governments need to work together and strike a balance between overlapping responsibilities and decision-making to allow for a more secure, reliable, and trustworthy technology landscape.

VII. Conclusion

Although the key elements of cyber threats — users, hardware, software, and communication — remain essentially the same as reported by Ware [1] in the 1970s, cyber threats have evolved significantly over the past decades. With a massive number of interconnected devices, the Internet of Things, cloud computing, smartphones, and advances in artificial intelligence, the attack surface grew exponentially, with attackers becoming more sophisticated and their attacks more damaging. The emergence of new forms of cybercrime, such as ransomware and cyber espionage, has created significant challenges for individuals, organizations, and governments. While progress has been made in the fight against cybercrime, much remains to be done to address the growing threat. The progress of advanced technologies, such as artificial intelligence and quantum computing, may provide new opportunities for cybercriminals, and it is essential that the global community continues to invest in cybersecurity to stay ahead of the threats while balancing legal, ethical, and professional implications.

Luis Henrique Soares
North Wales Management School
Wrexham Glyndwr University
Wrexham, United Kingdom
luishsr@outlook.com


References

[1] W. H. Ware, ‘Security Controls for Computer Systems: Report of Defense Science Board Task Force on Computer Security’. Santa Monica, CA: RAND Corporation, 1979.

[2] B. Akhgar, A. Staniforth and F. Bosco, Cyber Crime and Cyber Terrorism Investigator’s Handbook, Rockland, MA, USA: Syngress, 2014.

[3] L. Fosburgh, “Chief teller is accused of theft of $1.5-million at a bank here,” The New York Times, 23-Mar-1973. [Online]. Available: https://www.nytimes.com/1973/03/23/archives/chief-teller-is-accused-of-theft-of-15million-at-a-bank-here-teller.html. [Accessed: 04-Mar-2023].

[4] Geelof, A., 2007. Chantage om gegevens uit computer. The Netherlands, Telegraaf 12–011977, pp. 1 and 9.

[5] Z. G. Ruthberg and R. G. McKenzie, ‘Audit and Evaluation of Computer Security’, 1977.

[6] B. M. Leiner et al., ‘The past and future history of the Internet’, Communications of the ACM, vol. 40, no. 2, pp. 102–108, 1997.

[7] A. Emigh, ‘The crimeware landscape: Malware, phishing, identity theft and beyond’, Journal of Digital Forensic Practice, vol. 1, no. 3, pp. 245–260, 2006.

[8] W. Tounsi and H. Rais, ‘A survey on technical threat intelligence in the age of sophisticated cyber attacks’, Computers & Security, vol. 72, pp. 212–233, 2018.

[9] L. Bertolin Furstenau et al., ‘20 Years of Scientific Evolution of Cyber Security: a Science Mapping’, 04 2020.

[10] Y. Mo et al., ‘Cyber–Physical Security of a Smart Grid Infrastructure’, Proceedings of the IEEE, vol. 100, no. 1, pp. 195–209, 2012.

[11] A. Bendovschi, ‘Cyber-Attacks — Trends, Patterns and Security Countermeasures’, Procedia Economics and Finance, vol. 28, pp. 24–31, 2015.

[12] P. Kelley, “Evolution of Cyber Attacks and Their Economic Impact”. TechRxiv, 11-Dec-2022, doi: 10.36227/techrxiv.21670718.v1.

[13] S. Boyson, ‘Cyber supply chain risk management: Revolutionizing the strategic control of critical IT systems’, Technovation, vol. 34, no. 7, pp. 342–353, 2014.

[14] A. Greenberg, ‘The untold story of NotPetya, the most devastating cyberattack in history’, Wired, August, vol. 22, 2018.

[15] J. Scott Sr and W. Summit, ‘Rise of the machines: The Dyn attack was just a practice run December 2016’, Institute for Critical Infrastructure Technology, Washington, DC, USA, 2016.

[16] S. Alam, “Cybersecurity: Past, present and future”, arXiv.org, 04-Jul-2022. [Online]. Available: https://arxiv.org/abs/2207.01227. [Accessed: 03-Mar-2023].

[17] L. L. Dhirani, E. Armstrong, and T. Newe, ‘Industrial IoT, cyber threats, and standards landscape: Evaluation and roadmap’, Sensors, vol. 21, no. 11, p. 3901, 2021.

[18] M. Christen, B. Gordijn, and M. Loi, The ethics of cybersecurity. Springer Nature, 2020.
