Cybercrime trends are constantly changing. In the 30 years that have passed since the creation of Panda Security, we have seen it all, from computer viruses transmitted by floppy disks, malicious attachments, Trojans and ransomware, to live hacking and file-less threats. In fact, evolution and change can, paradoxically, be viewed as the only constants of cybercrime. There is one thing, however, that many of the most notorious cyber incidents of the past 30 years have in common: vulnerabilities.
Vulnerabilities Are Cybercriminals' Best Friends
One of the most popular entry points for cybercriminals is operating system and application vulnerabilities. According to a study, by the end of 2020, 99% of the exploited vulnerabilities will be known before the incident. Here we look at some of the most significant vulnerabilities of the past 30 years, as well as the incidents they have caused.
• Morris Worm (1988). To see one of the first examples of computer viruses that exploited known vulnerabilities, you have to go back to 1988, two years before the invention of the World Wide Web. The Morris worm was one of the first computer worms to spread via the Internet. It exploited known vulnerabilities in Unix Sendmail and rsh/rexec, as well as weak passwords. Although the creator's intention was not to cause damage, but rather to highlight security weaknesses, it did cause between $100,000 and $10,000,000 in damage.
• SQL Slammer (2003). SQL Slammer is another worm that, in 2003, infected about 75,000 machines in just ten minutes. It caused a denial of service at several Internet service providers and considerably slowed down Internet traffic. To be able to spread so quickly, SQL Slammer exploited a buffer overflow vulnerability in Microsoft SQL Server. Six months before the incident, Microsoft had released a patch to correct this bug.
• Zotob (2005). This worm, which infected systems running various Microsoft operating systems, including Windows 2000, exploited various vulnerabilities, including the vulnerability MS05-039 in Plug & Play services. It forced infected machines to restart continuously; each time the computer was restarted, a new copy of Zotob was created. Although it did not hit a large number of computers, this attack had a major impact on its victims: it is estimated that the affected companies spent an average of $97,000 to clean up malicious code from their systems and needed about 80 hours on average to disinfect their systems.
• Conficker (2008). Conficker is a worm that was first detected in November 2008. It exploited several vulnerabilities, including one in a network service present in several versions of Windows, such as Windows XP, Windows Vista and Windows 2000. As Conficker propagated, it used the infected computers to create a network of zombie computers (a botnet). It is estimated that it infected between 9 and 15 million computers. Despite the extent of its spread, Conficker did not cause significant damage.
• Stuxnet (2010). In June 2010, a cyber attack called Stuxnet successfully destroyed the centrifuges at an Iranian nuclear power plant. Although Stuxnet is believed to have entered the central systems via a USB key, it used four zero-day vulnerabilities to spread, as well as the same vulnerabilities as those used by Conficker.
• EternalBlue (2017). EternalBlue is the name of a vulnerability in the Microsoft Server Message Block (SMB) protocol. This vulnerability gained notoriety in 2017 when it was exploited to carry out global attacks with the WannaCry ransomware. These attacks affected computers in more than 150 countries, causing damage estimated at $4 billion worldwide. This vulnerability was also exploited during attacks by the NotPetya ransomware. However, a patch was available for this vulnerability one month before the launch of WannaCry.
• BlueKeep (2019). In May 2019, a vulnerability called BlueKeep was discovered in Windows operating systems, affecting up to one million devices. It was in the Remote Desktop Protocol (RDP), and a month after its discovery, security companies began to detect attempts to exploit this vulnerability.
These vulnerabilities are just a few of those that have had an impact over the years. However, each year, tens of thousands of new vulnerabilities are discovered, which can pose a serious problem for the cybersecurity of any organization. This is why Panda Security offers its customers specific solutions to correct vulnerabilities, as well as resources so that they can identify the most important vulnerabilities. In the 30 years of Panda Security's experience, we have seen thousands of vulnerabilities and the thousands of cyber incidents caused by them.
The other constant of all these years is that our customers have always been protected from them.