20 Years of Cyberthreats: What Have We Learned?

When it comes to cyberthreats, we have to understand the past to prepare for the future. Cybercriminals are constantly evolving their tactics and finding new ways to steal money and information from individuals and organizations, but keeping track of their behaviors and patterns makes it easier to anticipate what they may do next.

Each year, Sophos publishes its annual Threat Report, recapping the last 12 months of cyberthreats and trends in an effort to share security expertise with partners, customers, and the industry at large. Armed with this knowledge, organizations can improve their own security posture and better prepare to prevent cyberattacks going forward.

As we enter a new decade, we decided to look further back, to the year 2000, when the information security industry became more mainstream and well-respected. As evidenced by Sophos’ report, Cyberthreats: a 20-year retrospective, the current millennium was a turning point for the security landscape, which has since gone through three major eras of cyberthreats.

By analyzing the key threats and events of the last 20 years, it’s clear that cybercriminals have taken the time to learn from the past and each other, to quickly adapt and innovate. Now, it’s more important than ever before that MSPs take the time to do the same: educate themselves on the history of cyberthreats, and use that information to better protect their customers.

The Worm Era: 2000-2004

In the early years of the millennium, the information security world saw some of the most prolific worms unleashed one after another. They rampaged across the internet with infection rates that could double in under 10 seconds, affected around 10% of all internet-connected hosts and, at one point, accounted for 25% of all spam.

Malware became a media sensation during this era, and the worms had a long-lasting impact on the way we do business, changed how networks are protected, and led to the creation of industry staples such as Microsoft’s Patch Tuesday. These worms caused around $100 billion in damage and mitigation costs overall and paved the way for the massive spam-spreading botnets that would be used for ruthless monetization.

The Monetization Era: 2005-2012

During this era, cybercriminals got organized and cybercrime became a full-blown business. Prior to this, malware incidents were primarily motivated by curiosity, disruption, or notoriety, but at this point it became all about making money. Building on a cyberthreat landscape shaped by worms, most new threats were designed for profit, but many were still too noisy.

As a result, a new marketplace opened up for cybercriminals of differing talents. Exploit merchants found a niche within the evolving malware ecosystem. Their exploit kits helped drive “malvertising,” which took advantage of an increasingly connected world. Bulletproof hosting provided the infrastructure for all manner of cybercrime to flourish and proliferate like never before. Wherever there was the potential for financial gain, cybercriminals exploited those opportunities.

The rise of cryptocurrencies also facilitated a new money-making opportunity for attackers: ransomware.

The Ransomware Era: 2013-Present

Over the last few years, no cyberthreat has had a more destructive impact than ransomware – to date, the damages created by ransomware have run into the trillions of dollars. It has exposed many weaknesses in IT defenses, spawned new technologies and, unfortunately, has also had a profound impact on victims including healthcare providers and other critical industries.

Although ransomware is not the only defining threat of this era, many of today’s cyberattacks ultimately end with the release of ransomware, which, like exploit kits, is providing a nitro-fueled boost to an already thriving cybercrime ecosystem. Other than ransomware, this era has also seen the transformational attacks of WannaCry and NotPetya, as well as a continuation of botnets, worms, spam, and the leaking of nation-state-sponsored cyberweapons.

Online payment theft, ever more sophisticated phishing, the decline of online privacy, and everything-as-a-service (which brings cyberattacks within the reach of even the lowest-skilled cybercriminals) are also playing a role in today’s increasingly complex threat landscape.


While we may never know exactly what cybercriminals plan to do next, looking back at the journey from early worms to modern ransomware does make one thing clear: cybercriminals will continue to innovate and evolve their techniques if it means it will make them more money.

Cyberthreats have come a long way in 20 years, but fortunately, so has cybersecurity to defend against them. To keep up with the ever-changing threat landscape, MSPs should partner with a vendor that is committed to sharing knowledge about emerging threats and is continuously innovating to offer the best next-generation security solutions, like Sophos Intercept X, Sophos Managed Threat Response, and Sophos Rapid Response.

Sophos is dedicated to helping partners meet the cybersecurity challenges of the current era, and new challenges as they arise. Check out Sophos News for research from SophosLabs on emerging cyberthreats and Naked Security for the latest cybersecurity industry news.

Guest blog courtesy of at Sophos.