What the Last 20 Years of Cyberthreats Have Taught Us

Three pivotal eras have shaped the cybersecurity industry into what we know it as today.

Sophos Guest Blogger

February 2, 2021

4 Min Read
Getty Images

Unless you’re a professional threat hunter, it’s nearly impossible to keep up with how quickly cybercriminals’ tactics are evolving. However, as an MSP offering security solutions, your customers expect you to be knowledgeable about the landscape of cyberthreats and serve as a trusted security advisor, especially during challenging times or in the event of a major security incident, like the recent SolarWinds attack.

While the history of cyberthreats is vast and complex, information security has experienced three pivotal eras over the last 20 years that have shaped the cybersecurity industry into what we know it as today. Sophos recognizes that partners need access to resources on this history to help improve their own cybersecurity posture and empower them to better protect and advise their customers.

This is why Sophos recently published its report Cyberthreats: a 20-year retrospective, detailing how cybercriminals have innovated and the security landscape has evolved over the last two decades. By having a clear understanding of the past, partners can better prepare for the future and ensure organizations are protected from all forms of cyberthreats.

The Worm Era: 2000-2004

In the early years of the millennium, the information security world saw some of the most prolific worms unleashed one after another. They rampaged across the internet with infection rates that could double in under 10 seconds, affect around 10% of all internet-connected hosts and, at one point, accounted for 25% of all spam.

Malware became a media sensation during this era, and the worms have had a long-lasting impact on the way we do business, changed how networks are protected and led to the creation of industry staples such as Microsoft’s Patch Tuesday. These worms caused around $100 billion in damage and mitigation costs overall, and paved the way for the massive spam spreading botnets that would be used for ruthless monetization.

The Monetization Era: 2005-2012

During this era, cybercriminals got organized and cybercrime became a full-blown business. Prior to this, malware incidents were primarily motivated by curiosity, disruption, or notoriety but at this point it became all about making money. Building on a cyberthreat landscape shaped by worms, most new threats were designed for profit, but many were still too noisy.

As a result, a new marketplace opened up for cybercriminals of differing talents. Exploit merchants found a niche within the evolving malware ecosystem. Their exploit kits helped drive “malvertising,” which took advantage of an increasingly connected world. Bulletproof hosting provided the infrastructure for all manners of cybercrime to flourish and proliferate like never before. Wherever there was the potential for financial gain, cybercriminals exploited those opportunities.

The rise of cryptocurrencies also facilitated a new money-making opportunity for attackers: ransomware.

The Ransomware Era: 2013-Present

Over the last few years, no cyberthreat has had a more destructive impact than ransomware. To date, the damages created by ransomware have run into the trillions of dollars. It has exposed many weaknesses in IT defenses and spawned new technologies. And, unfortunately, ransomware has also had a profound impact on victims, including healthcare providers and other critical industries.

Although ransomware is not the only defining threat of this era, many of today’s cyberattacks ultimately end with the release of ransomware. And, like exploit kits, ransomware is providing a nitro-fueled boost to an already thriving cybercrime ecosystem. Other than ransomware, this era has also seen the transformational attacks of Wannacry and NotPetya, as well as a continuation of botnets, worms, spam and the leaking of nation-state-sponsored cyberweapons.

Online payment theft, ever more sophisticated phishing, the decline of online privacy and everything-as-a-service (which brings cyberattacks within the reach of even the lowest-skilled cybercriminals) are also playing a role in today’s increasingly complex threat landscape.


While we may never know exactly what cybercriminals plan to do next, looking back at the journey from early worms to modern ransomware does make one thing clear: Cybercriminals will continue to innovate and evolve their techniques if it means it will make them more money.

Cyberthreats have come a long way in 20 years, but, fortunately, so has cybersecurity to defend against them. To keep up with the ever-changing threat landscape, MSPs should partner with a vendor that is committed to sharing knowledge about emerging threats and is continuously innovating to offer the best next-generation security solutions, like Sophos Intercept X, Sophos Managed Threat Response and Sophos Rapid Response.

Sophos is dedicated to helping partners meet the cybersecurity challenges of the current era and new challenges as they arise. Check out Sophos News for research from SophosLabs on emerging cyberthreats and Naked Security for the latest cybersecurity industry news.

This guest blog is part of a Channel Futures sponsorship.

Read more about:

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like