Today marks 30 years since the release of the Morris Worm. Released in 1988, the Morris Worm was one of the first computer worms, unleashed after an experiment reportedly intended to gage the size of the Internet went wrong.
What was the Morris Worm?
30 years ago, Robert Tappan Morris, a graduate student at Cornell University in the US, developed a programme that exploited vulnerabilities in sendmail software to install versions of a programme on internet-connected computers, so that the number of computers online could be counted.
However, an error in the programming meant that the worm spread far faster than Morris had predicted, installing itself numerous times on each computer, and ended up infecting an estimated 10% of the 60,000 computers online at the time.
The unnecessary processing triggered by computers becoming clogged with multiple copies of the worm caused the machines to crash and led to disruptions in online connectivity. The estimated cost of repairs was between $200-$53,000 per location.
This is the first example of Distributed Denial of Service (DDoS) attack and as a result of the chaos it caused, Morris became the first person to be convicted under the 1986 Computer Fraud and Abuse Act.
The first ever DDos attack
The Morris Worm was the first widespread cyberattack, and for many it represents a wake-up call for just how easily the vulnerabilities of the internet could be exploited, something those outside of the tech sphere were not previously aware of.
Prior to the worm, the majority of internet users, who at this point were largely academics and engineers, were not concerned about malicious software, let alone having any kind of protective software installed.
The damage caused by the worm highlighted that internet security was something that needed to be taken seriously, and led the Defense Advanced Research Projects Agency to establish the CERT Coordination Center. It also prompted attempts to prevent similar attacks from occurring.
Worms are still a major problem
Since 1988, a number of worms such as Code Red, Blaster, Sasser and ILoveYou, have wrecked varying levels of havoc, and preventing the spread of worms is an ongoing challenge for the cybersecurity industry.
In 2017, a piece of Malware, called NotPetya, spread to Microsoft Windows PCs around the world, largely based in Ukraine, scrambling data and asking for a cryptocurrency ransom to restore it. The attack was attributed to the Russian military.
Although internet security has come a long way since 1988, so have cyberattacks and with more than 20 billion devices now online, so has scale of the damage they can cause.
Despite recent cyberattacks catching the public’s attention, many organisations remain ill-prepared, meaning it is still possible to exploit weak passwords and computer systems.
Many organisations have been criticised for not implementing stringent cybersecurity measures, with cyberattacks costing UK companies alone an estimated £42bn since 2013. However, these are not just caused by malicious attacks as the majority are due to data breaches caused by human error.
Two experts give their views
A reports cybersecurity firm Radware found that two thirds of businesses believe their systems are vulnerable to cyberattacks, but many still fail to implement essential security measures such as keeping software up-to-date, reporting incidents quickly, and educating employees on good cybersecurity practices.
Matt Walmsley, EMEA Director at Vectra believes that this leaves many vulnerable to worms:
“Whilst worms are nothing new, their ability to spread like wildfire makes them a tantalising prospect for threat actors as a means to propagate threat payloads over networks at machine speed. Just ask any of the enterprises impacted by WannaCry about the scope and speed it hit them, and the disruption caused.
“This venerable technique has longevity, and we will continue to see it used as a component in opportunistic attacks – why? Because too many enterprises remain unable to spot to worm reconnaissance and lateral movement behaviours, and security analysts and threat hunters cannot operate at the speed and scale required to manually identify the threat and close down their lines of communication and movement.
He believes that artificial intelligence may be one way of combatting malicious attacks:
“It is here that automation, powered by AI, is increasingly being deployed to constantly monitor and detect in real-time such attack behaviours and automate some, or all, of the quarantine and remediation actions necessary. AI augments not replaces the human, and it is making the difference between containing an attack in its early stages or dealing a full-blown enterprise-crippling security incident.”
Alex Hinchliffe, Threat Intelligence Analyst, Unit 42, Palo Alto Networks comments:
“There are still organisations relying on the same basic protections as the victims of the Morris worm; notably, weak passwords. Organisations continue to get pummelled by cyber attacks, and the advent of cloud computing, Bring Your Own Device (BYOD) and Internet of Things devices means organisations are more exposed than ever before.
“Relying on passwords as the only line of defence puts organisation at risk for identify theft and/or a significant security breach, especially when individuals use the same, or similar, passwords for more than one site. It’s crucial that two-factor or multi-factor authentication become standard practice at your companies.
“It’s also worth noting that the spread of the Morris worm was halted the day after it was first spotted due to software patching, which mitigated against the vulnerabilities harnessed by the malware to gain control. It is a must for organisations to regularly patch and have systems in place to identify when a vendor has released a new patch.”