Cybercrime trends are always changing. In the 30 years since Panda Security was founded, we’ve seen everything from computer viruses delivered from floppy disks, malicious attachments, Trojans and ransomware, to live hacking and fileless threats. In fact, paradoxically, evolution and change could be seen as the only constants in cybercrime. However, there is one other element that many of the most notorious cyberincidents of the last 30 years have had in common: vulnerabilities.
Vulnerabilities are a cybercriminal’s best friend
Vulnerabilities in operating systems and applications are one of the most popular points of entry for cybercrime. In fact, according to one study, by the end of 2020, 99% of successfully exploited vulnerabilities will be known before the incident. Here, we’re taking a look at some of the most important vulnerabilities of the last 30 years, and the incidents they have caused.
- Morris Worm (1988). To see one of the first examples of a computer virus that exploited known vulnerabilities, we have to go back to 1988, two years before the World Wide Web was invented. Morris Worm was one of the first computer worms to spread via the Internet. It exploited known vulnerabilities in Unix Sendmail, rsh/rexec, as well as weak passwords. While the creator’s intention wasn’t to cause any damage, rather to highlight security weaknesses, it caused between $100,000 and $10,000,000 in damages.
- SQL Slammer (2003). SQL Slammer is another worm that, in 2003, infected around 75,000 machines in just ten minutes. It caused denial of service for several Internet providers, and dramatically slowed down Internet traffic. In order to spread so quickly, SQL Slammer exploited a buffer overflow vulnerability in Microsoft’s SQL Server. Six months before the incident, Microsoft had released a patch to fix this bug.
- Zotob (2005). This worm, which infected systems running various Microsoft operating systems including Windows 2000, exploited various vulnerabilities, including the vulnerability MS05-039 in Plug & Play services. It forced infected machines to restart continuously; each time the computer restarted, a new copy of Zotob was created. Although it didn’t affect a large number of computers, it had a major impact on its victims: it is estimated that affected companies spent an average of $97,000 on cleaning the malware from their systems and needed around 80 hours to disinfect their systems.
- Conficker (2008). Conficker is a worm that was first detected in November 2008. It exploited several vulnerabilities, including one in a network service found in several versions of Windows such as Windows XP, Windows Vista, and Windows 2000. As Conficker spread, it used the infected computers to create a botnet. It is estimated to have infected between 9 and 15 million computers. Despite how far it spread, Conficker did not cause extensive damage.
- Stuxnet (2010). In June 2010, a cyberattack called Stuxnet managed to destroy the centrifuges at an Iranian nuclear power plant. Although Stuxnet is believed to have got onto the power plant’s systems via a pen drive, to spread, it used four zero-day vulnerabilities, as well as the same vulnerabilities that Conficker used.
- EternalBlue (2017). EternalBlue is the name of a vulnerability in the Microsoft Server Message Block (SMB) protocol. This vulnerability gained notoriety in 2017 when it was exploited to carry out the global WannaCry ransomware attacks. These attacks affected computers in over 150 countries and caused an estimated $4 billion in damages all around the world. This vulnerability was also exploited in the NotPetya ransomware attacks. A patch was available for this vulnerability one month before WannaCry hit.
- BlueKeep (2019). In May 2019, a vulnerability was discovered in Windows operating systems called BlueKeep, which affected up to one million devices. It existed in the Remote Desktop Protocol, and one month after it was discovered, security firms began to detect attempts to exploit this vulnerability.
These are just a few of the vulnerabilities that have had an impact over the years. However, every year, tens of thousands of new vulnerabilities are discovered that can pose a serious problem for the cybersecurity of small, medium, and large organizations. This is why Panda Security offers its clients specific solutions to fix vulnerabilities, as well as resources so that they can find out about the most important vulnerabilities. In Panda Security’s 30 years of experience, we’ve seen thousands of vulnerabilities and thousands of cyberincidents caused by them. Another constant throughout all of these years is that all of our clients have always been protected.