Weathering the Cyber Storm

Russell Poole, B2B Head of Security, Telefonica UK

In my job, I work with customers day-in and day-out, finding new ways for them to protect their organisations. At the weekend, it got me thinking about how we’d got to this place, how we’ve ended up with the need for 24/7 ever more complex protection. I thought back to the origins of the first cyber-attacks.

In early 1986, two brothers from Pakistan began to receive a large number of phone calls from people in the United Kingdom, the United States and elsewhere, demanding that they disinfect their machines. Whilst the brothers tried to explain to the outraged callers that their motivation had not been malicious, they had inadvertently released the first computer virus upon the world. The “Brain” virus was a self-replicating piece of code, which utilised the boot sector of floppy disks, slowing down the drives. Initially intended to prevent illegal copies of their software, the virus quickly spread and was traced back to the brothers as they had included their contact details within the code itself.

Whilst it was unintentional, malicious activity soon emerged. In 1988 the Morris worm disabled thousands of machines connected to the precursor of the Internet, ARPANET, and Robert Morris became the first person to be convicted under the computer misuse act.

Throughout the 1990s the internet exploded into the mainstream. Organisations started to connect their isolated networks, leveraging the new email and web browsing technologies to give greater efficiency and accessible information to the workforce. Each organisation soon had a web presence, which quickly morphed into e-commerce for many. No longer were organisational networks isolated. Links and feeds to information, customers and suppliers were now fully dependent on the global connected network.

In 2000 came the first major outbreak of an email-borne virus. “ILOVEYOU” was an email-based worm, which deleted random files then automatically emailed itself to all address book contacts. It was estimated to have caused $10 million of damage worldwide before being brought under control. And 2004 saw Michael Calce, aka MafiaBOY, launch a series of Distributed Denial of Service (DDoS) attacks, bringing down Yahoo!, eBay, CNN, Amazon and Dell in the space of a week. The same year saw the first release of a mobile phone virus, Cabir, which attacked Symbian devices, propagating via Bluetooth connections.

Moving on to 2007 we started to see targeted attacks driven solely for financial gain. TJX, owners of TK Maxx in the UK, had 47.5 million credit card details stolen.

2010 brought the first digital weapon. The Stuxnet worm caused serious damage to an Iranian nuclear facility, damaging 20% of the nuclear centrifuges. Just the following year, RSA, one of the world’s leading security companies, was compromised by an “advanced persistent threat” (APT) attack. Keys for their SecurID authentication devices were believed to have been stolen. Soon afterwards Lockheed Martin was breached utilising compromised RSA credentials. Gen. Keith Alexander, director of the National Security Agency, named RSA as a victim of Chinese cyberespionage.

2013 brought us the attack on the US store, Target, which was breached by hackers stealing the credentials of one of their suppliers – Fazio Services, who monitor the stores’ temperature. Just think of the scale – 40 million debit and credit card details were stolen and, allegedly, it was the reason CEO Gregg Steinhafel left the business. So, as far back as 5 years ago, we see the need for the entire board to get behind security.

The Sony attack of 2014 was another game changer in the development of cybercrime and state-sponsored attacks. Hacking group “Guardians of the Peace (GOP)” used an APT attack to steal salary details, internal emails and unreleased copies of Sony films. GOP demanded that the film “The Interview” be pulled from release, and Sony complied. The hack is believed to have cost Sony in the region of $35 million. United States intelligence officials, after evaluating the software, techniques, and network sources used in the hack, alleged that the attack was sponsored by North Korea.

2015 brings us the Talk Talk breach, in which 157,000 customer records were stolen and sold through “Dark Web” sites. It is estimated to have cost Talk Talk £60m and a loss of 100,000 customers through reputational damage. The Talk Talk share price fell by 20% and they pulled in the expertise of BAE Applied Intelligence to investigate the hack and mitigate the damage, resulting in four teenagers being arrested for hacking and blackmail crimes.

In late 2016 we saw the discovery of the Gooligan Android smartphone virus. This breached the security of over 1 million Google accounts, giving hackers access to Gmail, Google Docs and Google Drive credentials.

I don’t recall any of this to scare anyone. I genuinely think it’s interesting and important to analyse how things have evolved over the years. We certainly take the challenges security presents extremely seriously and do everything we can to protect our estate and address the challenges our customers face. That’s why we have a Security portfolio to cover all aspects of the cyber environment, and insight and knowledge from industry experts and leaders. We have to evolve and learn as quickly as cyber criminals, and knowledge sharing is an important way to constantly evolve our portfolio and ensure our customers are protected effectively in the cyber world. Contact me to find out more.