A brief history of cyber-threats — from 2000 to 2020

Carl Sagan once famously said: “You have to know the past to understand the present.” Past events can illuminate future trends, according to commonly-held wisdom — and cybersecurity is no exception.

Annual threat reports provide security teams with an opportunity to reflect on the significant cyber-events of the past 12 months, with an aim to identify trends for future development, ideally translating into better protection.

But while the annual report is helpful, an account of the past 20 years in cybersecurity, throughout which the information security industry was born and matured, is much more valuable.

Many significant cybersecurity events have occurred since the year 2000 — not every one of them ‘firsts’, but all of them correlating with a change in security behaviour or protection.

Here is a 20-year retrospective of the world’s cyber-threats, presented by Sophos.


2000-2004 — The Worm Era

This era saw some of the most prolific worms the information security industry has ever seen, costing over $100 billion in damages and remediation costs. It also marks the beginning of malware as a mainstream media sensation.

First, there was the ILOVEYOU worm, launched in 2000, which targeted Microsoft Outlook users and infected at least 10% of internet-connected hosts in a matter of hours and caused up to $15 billion in damages.

In response, Microsoft released an update to Outlook with changes aimed at combating the worst symptoms of ILOVEYOU, including preventing users from accessing unsafe attachments and warning users if a program tried to send mail on their behalf.

Then came a veritable wave of worms, which broadened horizons beyond Outlook and targeted operating system vulnerabilities and network infrastructure.

In chronological order, here are the worms of the early aughts:

  • CodeRed (July 2001)
  • Code Red II (August 2001)
  • Nimda (September 2001)
  • SQL Slammer (January 2003)
  • Blaster (August 2003)
  • Welchia (August 2003)
  • Sobig.F (August 2003)
  • Sober (October 2003)
  • Bagle (January 2004)
  • MyDoom (January 2004)
  • Netsky (February 2004)
  • Sasser (April 2004)

Many of these worms abused buffer overflow vulnerabilities in various versions of Windows,…