Skip to main content
Springer Nature Link
Log in

The Cybersecurity Challenge

  • Chapter
  • First Online:
IT Security Controls

  • 2323 Accesses

Abstract

More than two decades ago, computer users were terrified that a destructive and undetected virus called CIH might be present in the memory of their computers and become active on April 26 and delete programs in hard drives, flash the BIOS, and brick the motherboard. The date was chosen as it is the anniversary of the Chernobyl nuclear meltdown. Back then, IT support staff informed users not to open their PCs on that date so that it would not be activated. All the leading antivirus companies at the time developed fixes for that virus, and it was estimated that the virus caused damage equivalent to $250 million to $1 billion. Not long after that, an email arrived at users’ mailboxes with the subject “ILOVEYOU” and containing a Visual Basic Script attachment (Figure 1-1). This email used social engineering to trick users into opening the attachment. When opened, it exploited a Microsoft Outlook vulnerability, changed the file name extensions, and spread via email using the infected computer contacts. The ILOVEYOU worm infected 50 million computing systems with some impact on many government bodies, intelligence agencies, and military institutions.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+
from €37.37 /Month
  • Starting from 10 chapters or articles per month
  • Access and download chapters and articles from more than 300k books and 2,500 journals
  • Cancel anytime
View plans

Buy Now

eBook
EUR 17.99
Price includes VAT (Netherlands)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
EUR 70.84
Price includes VAT (Netherlands)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Explore related subjects

Discover the latest articles, books and news in related subjects, suggested using machine learning.

Notes

  1. 1.

    www.zdnet.com/article/cih-one-year-later/

  2. 2.

    https://en.wikipedia.org/wiki/CIH_(computer_virus)

  3. 3.

    https://en.wikipedia.org/wiki/ILOVEYOU

  4. 4.

    www.fireeye.com/current-threats/apt-groups.html

  5. 5.

    Kushner, David. “The Real Story of Stuxnet.” IEEE Spectrum.

  6. 6.

    Wikipedia. “Flame (malware).” https://en.wikipedia.org/w/index.php?title=Flame_(malware)&oldid=1020516460. (April 29, 2021.

  7. 7.

    Wikipedia. “WannaCry ransomware attack.” https://en.wikipedia.org/w/index.php?title=WannaCry_ransomware_attack&oldid=1023190294. May 14, 2021.

  8. 8.

    https://en.wikipedia.org/wiki/Anonymous_(hacker_group)

  9. 9.

    https://en.wikipedia.org/wiki/LulzSec

  10. 10.

    www.echosec.net/darknet

  11. 11.

    https://en.wikipedia.org/wiki/EternalBlue

  12. 12.

    Report APT1: Exposing One of China’s Cyber Espionage Units.” February 18, 2013.

  13. 13.

    www.fireeye.com/blog/threat-research/2013/02/mandiant-exposes-apt1-chinas-cyber-espionage-units.html

  14. 14.

    www.nytimes.com/2007/05/28/business/worldbusiness/28iht-cyberwar.4.5901141.html?smid=url-share

  15. 15.

    https://en.wikipedia.org/wiki/2007_cyberattacks_on_Estonia

  16. 16.

    https://ccdcoe.org/

  17. 17.

    Lynn, William J. III. “Defending a New Domain: The Pentagon’s Cyberstrategy”, Foreign Affairs, Sept/Oct. 2010, pp. 97–108.

  18. 18.

    www.verizon.com/business/resources/reports/dbir/

  19. 19.

    https://github.com/vz-risk/dbir/tree/gh-pages/2021

  20. 20.

    www.verizon.com/business/resources/reports/dbir/2021/masters-guide/summary-of-findings/

  21. 21.

    www.cvedetails.com

  22. 22.

    2021 as of end of May

  23. 23.

    Schneier, Bruce. “Attack Trees.” Dr Dobb’s Journal, v.24, n.12. December 1999

  24. 24.

    https://owasp.org/www-community/Threat_Modeling

  25. 25.

    www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html

  26. 26.

    Shostack, A. Threat Modeling: Designing for Security. Wiley, 2014.

  27. 27.

    Allsopp, W. Unauthorized Access: Physical Penetration Testing for IT Security Teams. Wiley, 2009.

  28. 28.

    www.juran.com/blog/a-guide-to-the-pareto-principle-80-20-rule-pareto-analysis/

  29. 29.

    www.cisecurity.org/controls/v8/

  30. 30.

    https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/families?version=5.1

  31. 31.

    www.iso.org/isoiec-27001-information-security.html

  32. 32.

    www.isc2.org/Certifications/CISSP

Author information

Authors and Affiliations

  1. Doha, Qatar

    Virgilio Viegas & Oben Kuyucu

Authors
  1. Virgilio Viegas
    View author publications

    Search author on:PubMed Google Scholar

  2. Oben Kuyucu
    View author publications

    Search author on:PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to APress Media, LLC, part of Springer Nature

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Viegas, V., Kuyucu, O. (2022). The Cybersecurity Challenge. In: IT Security Controls. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-7799-7_1

Download citation

Publish with us

Policies and ethics