Oct. 03--NEW DELHI -- When a 23-year-old Cornell University student playfully wrote a self-replicating computer code and uploaded it on the Internet to see how fast it would spread, it ended up infecting 10% of all systems connected to the Internet.
That was in 1988. The malicious code, now known as the 'Morris worm' after its creator Robert Tappan Morris, ended up bringing down 6,000 Unix servers at an estimated cost of $100,000-$10,000,000. It was the first incident that opened the world to the idea of cyber threats and attracted the attention of industry and media.
Twenty five years later, the cyber threat landscape has changed dramatically.
From cyber-attacks meant for financial gains to stealing information from companies and governments, the world has already seen cyber-attacks that border on cyber warfare, one of the historical examples being the 2010 cyber-attack on Iran's nuclear facility through a virus called Stuxnet, which allegedly brought down the facility for over six months.
These cyber-attacks are conducted using a variety of methods and technologies -- from simple spamming and phishing (impersonating an entity such as a bank to obtain information) to using more sophisticated botnets and malware (viruses, worms, Trojan horses, etc.) to take control of a system or an entire network.
Evolution of cyber threats
"Initial hacking incidents were about making cheap or free calls on international toll numbers by university students. 5-10 years later, it became more about proving a point," said Diwakar Dayal, lead, security, borderless networks sales, India and Saarc, at Cisco Systems Inc. "Group of students or rebels would deface websites to show dissatisfaction. It was more of a playful nature rather than of criminal nature."
That was an era of macro viruses, which primarily infect a system by multiplying their presence and causing traffic, thus increasing the load on the system. The intention was to slow down or crash the networks.
Cyber security experts believe it was only in 2003-04 that a new breed of hackers -- with advanced expertise in computing -- began to emerge.
"By early 2000s, new-age hackers started coming into the picture and these were not students but people who were professionals hired for hacking. They exploited operating systems, personal computers as well as enterprise web applications," says Dayal. "The agenda was to cause collateral damage so that they could either make a lot of money by blackmailing the compromised organizations or could steal data to sell in some particular market."
The inflection points
The inflection point that changed the cyber threat landscape came in 2007 with the launch of the first iPhone by Apple Inc.
"Earlier, power of computing was limited to mainframe. Since last 15 years, it started functioning on personal computers and laptops. But what happened with iPads and iPhones is that the computing power came into a device in your hand," says Dayal. "The whole new smartphone wave triggered the mobility revolution. It was the threat evolution coming on steroids."
This meant hackers didn't need to attack a big server in a safe data centre in some remote country.
"They could get access to data residing in those servers from someone who is trying to get connected to that server from his phone and do collateral damage," Dayal adds. "That was the first mega trend which caused threats to multiply with a very alarming rate."
The other mega trends that multiplied inflection points include virtualization and cloud computing -- that make accessing and computing data possible from servers located remotely -- which made the power of computing cheaper by distributing it across various servers.
With the evolution of the Internet, the nature of cyber threat has changed from noisy to silent, says Vinayak Godse, director, data protection, Data Security Council of India (DSCI), a part of industry body Nasscom.
"The attacks have become targeted and sharp. They don't try to show their presence and wait for the appropriate opportunit