5th and 6th Generation of cyberattacks
In the last quarter of the century, cyberattacks and security protection have advanced rapidly. Of the 15 largest data breaches in history, 10 took place in the past decade. Each involved the theft of tens or hundreds of millions of records — such as login credentials, financial information, or personal data — adding up to nearly 4 billion records stolen in total over the past 10 years.
Nowadays it is easy to identify the different generations of attacks and security products that protect against them.
However, today the velocity of attack evolution is far outpacing the level of security that businesses have deployed, and the security deployed by businesses cannot afford to lag behind the attacks coming at them. Today’s attacks are the most advanced and impactful we’ve ever seen, and yet the security deployed by most businesses is generationally outdated and incapable of protecting against them.
To better understand the idea of cyberattack generations, we need to go back to the early days of the Internet and see how we define different generations of cyber threats. Since the ’80s, we’ve seen an evolution of cyberattacks which transformed the way we protect our information. This transformation is directly linked to the unique role the Internet has taken in our lives.
The first generation of attacks was focused on our personal computers. Computer viruses, which were mainly dealt with through anti-virus software, marked these early attacks. This is the era in which the image of the “hacker in his parents’ basement” originated. In the 1980s the term “computer hacking”, and ultimately just “hacking”, became the common way to refer to those who write software programs to disrupt or attack computers. The hackers were mostly inquisitive teenagers hacking for the sheer fun and challenge of breaking into systems. Writing viruses was also done in the pursuit of knowledge and to build a personal reputation as a creator of clever programs. Evolving beyond individuals, the hacker underground advanced and organized through Bulletin Board Systems (BBS), which granted anonymity and the freedom to share knowledge and trophies among peers.
The second generation of cyber threats was more sophisticated and struck during the ’90s. Second-generation cyber threats were focused on networks connected to the Internet. With networks connecting computers and the Internet connecting governments, businesses and the public, the gates were opened for the broad and rapid spread of malicious and volatile software. This unencumbered access to anything and everything connected led to the development of the network firewall.
As we entered the 2000s, and as the digital world adopted the mass use of applications, we entered the third generation of cyber threats, which were focused on exploiting vulnerabilities in these applications. And vulnerabilities were plentiful. At any given time, many of them existed in operating systems and applications – any element of an IT infrastructure had vulnerabilities that an adept attacker could take advantage of to gain access to a private network. Attacks targeting vulnerabilities could not be effectively stopped by firewalls, anti-virus or Intrusion Detection System (IDS) products. So IDS products advanced into Intrusion Prevention Systems (IPS), to not only detect but also prevent attacks targeting vulnerabilities.
Starting in 2010, the world began to cope with zero-day threats, marking the advent of the fourth generation of cyberattacks. The fourth generation represented attacks based on highly evasive polymorphic content, bypassing traditional defenses because the attacks were not known before – hence the name: zero-day. Check Point used behavioral analysis tools to tackle these specific types of threats. In this generation, the generic “attackers” evolved into a more organized and more formidable force. They became truly professional organized-crime entities, and nation-states leveraged their cyber forces essentially as an arm of their military – all manufacturing cyberattacks for money, for disruption, or both.
In the past 2-3 years, we quickly entered the phase of fifth-generation attacks. These attacks were large-scale attacks based on government-sponsored technologies, which were leaked to the Internet. As I said, these attacks were also multi-vectored, meaning hackers attack all fronts at once – network, cloud, and mobile devices. These specific attack types were seen in the 2017 WannaCry and NotPetya attacks. Fifth-generation attacks exploited the connected and device-driven world we live in today, since our data is dispersed across the many different platforms we all use. The 5th-generation attacks move very fast and in mere hours infect large numbers of businesses and entities across large geographic regions. Yes, the viruses of earlier generations also moved fast, but these 5th-generation attacks are fast and highly sophisticated, stealthy – and successful. For example, the WannaCry attack leveraged a tool called EternalBlue that was developed by the United States National Security Agency and was presumably unintentionally leaked to the cyber world. The tool exploited vulnerabilities in Microsoft Windows XP to serve many different attacker aims, from ransomware to pure disruption. 5th-generation attacks are an escalated threat over prior generations because they are multi-vector, and “mega” in scale because they can infiltrate and then quickly and silently proliferate from and to any vector of an IT infrastructure, including networks, cloud instances, remote offices, endpoints, mobile devices, 3rd parties and more.
Now, regarding the sixth-generation attacks that are coming soon, we are already working hard to prevent these. Our approach is based on the same methodology described above: understanding where the digital world is taking us and providing the necessary protections. As we move into an era of far more connectivity – autonomous cars, millions of connected IoT (Internet of Things) devices on all fronts (medical, smart cities and homes, etc.) – we will need to provide security mechanisms based on AI, which will enable us to control the security of these millions of devices through a consolidated security mechanism.
The bottom line is that the more connected we all become – the more vulnerable we all become. Our information, which is shared on all of these connected devices, will need higher levels of protection.
Is this fear justified?
In short, Gen V and Gen VI cyberattacks differ from previous cyberattack generations because they are multi-vector and polymorphic attacks. For example, an attack may start on your smartphone, pass through your cloud, and end up shutting down your datacenter. These attacks disguise themselves much better: they use different content each time, or hide behind the legitimate actions of apps (for example, ad content that can turn into malware).