BeyondTrust

Malware: An evolutionary story

October 20, 2017


Earlier this year, a study from IDC and the National University of Singapore (NUS) predicted that enterprises will spend around $500 billion in 2014 on making fixes and recovering from data breaches and malware. In the past few months alone, we've seen Target reveal that the cost of its recent breach could reach as much as $148 million. The figures are stark, but for the uninitiated the world of malware and its history is something of a mystery. So, where did malware originate? How has it changed? And what does the future of malware look like?

To answer these questions we need to start from the beginning, with the Apple II computer. In 1982 a 15-year-old high school student called Rich Skrenta created the world's first virus, called Elk Cloner. Attached to a game and spread via floppy disk, Elk Cloner attached itself to the Apple II operating system and, when released, displayed a seven-line poem informing the user they'd been infected.

Elk Cloner was a game changer. It was the first virus of its kind to spread "in the wild", outside of a laboratory environment. It paved the way for a host of other malware, such as the Friday 13th virus, which infected users on that date, or the Casino Virus, which gave the infected user 5 credits to play with; whether they won, lost or drew, they'd have to reboot their system and reinstall their software.

As malware became easier to write, and sites appeared that gave people 'off the peg' viruses they could easily piece together, the evolution of malware entered its first phase: it became accessible to all.

Advances in technology also played their part. The development of the CD-ROM and the dominance of Microsoft shifted malware from micro to macro, meaning attachments, documents, discs and programs all now posed a security risk. The CIH or Chernobyl virus in 1998, the Melissa virus in 1999 and Love Letter in 2000, which sent millions and millions of messages worldwide with the subject "ILOVEYOU", were all high-profile viruses that caused significant problems the world over.

What's notable about these types of malware is that they were largely the work of young, tech-savvy individuals flexing their muscles, showing off rather than making any financial gain. With 300,000 pieces of malware now emerging every 24 hours, the bad guys have realized they can also cash in. Malware moved from being the preserve of sophisticated techies to the weapon of choice for the savvy cybercriminal.

Ransomware, scareware and banking malware were all born of this new era, as attacks became targeted rather than random and the terminology of malware started to get ugly.

Today, organizations are exposed to a multitude of threats, from malware finding its way onto payment systems, as seen most recently with Home Depot, to state-sponsored surveillance and zero-day threats. What we can say with certainty is that malware, and the people behind it, will constantly find new, sophisticated ways to expose and exploit holes in the system.

For businesses looking to mitigate the threat of malware, it's no longer feasible to rely solely on antivirus technology. Earlier this year, Symantec's senior VP of information security described antivirus as 'dead', estimating that it only stops 45% of cyber-attacks.

Next-generation attacks need a next-generation response: combining proactive and reactive security strategies to layer multiple mitigation controls. This defense-in-depth approach ensures that if an attacker gets past one security barrier, such as the perimeter firewall, there are preventative measures on the inside to contain the breach.

The best strategies are those that prioritize the controls with the biggest impact. Technologies such as privilege management and application allow listing, along with regular patching and adopting standard configurations, are named by SANS and the Council on Cyber Security, among others, as the most effective 'quick wins' based on real-life attacks.

You can find out more about the history of cyber threats through our infographic.

Andrew Avanessian,
