1.888.900.DRIZ (3749)
The Driz Group
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog

Cybersecurity Blog

Thought leadership. Threat analysis. Cybersecurity news and alerts.

11/5/2018

0 Comments

Look Back into the First Major Cyberattack: The Morris Worm

 
The Morris Worm

Look Back into the First Major Cyberattack: The Morris Worm

Thirty years ago, the Morris worm, dubbed as the first major cyberattack, was unleashed into the wild, crashing or slowing to a crawl 10% or 6,000 of the 60,000 computers then connected to the “Internet”. 

What Is Morris Worm?

Morris worm is named after its creator Robert Tappan Morris. A worm, meanwhile, refers to a type of malicious software (malware) that has the ability to spread itself within networks without user interaction.

Courtdocuments showed that Morris, then a first-year graduate student at Cornell University's computer science Ph.D. program, released the worm on November 2, 1988 through a computer at the Massachusetts Institute of Technology (MIT), which Morris hacked using a Cornell University's computer.

Morris worm was released into the wild a year before the world wide web came into existence. The term “Internet” then referred to a U.S. computer network, composed of connected computers from prestigious colleges, research centers, governmental and military agencies.

In less than 24 hours on November 2, 1988, Morris worm infected the computers of institutions, including Harvard, Princeton, Stanford, Johns Hopkins, National Aeronautics and Space Administration (NASA) and the Lawrence Livermore National Laboratory.

While the worm didn’t destroy or damage files, infected computers slowed to a crawl or ceased functioning and emails were delayed for days. The estimated cost of dealing with the Morris worm at each installation ranged from $200 to over $53,000.

The worm infected computers running a specific version of the Unix operating system in 4 ways:

First, via a security vulnerability in “SEND MAIL”, a computer program that transfers and receives electronic mail;

Second, via a security vulnerability in the "finger demon", a computer program that allows extraction of limited information about the users of another computer;

Third, via "trusted hosts" feature that allows a user with certain privileges on one computer to have equivalent privileges on another computer without using a password; and

Fourth, via a program that guesses passwords using various combinations of letters tried out in rapid succession, hoping that one will be an authorized user's password. When the correct password is entered, the intruder is allowed whatever level of activity that the user is authorized to perform.

Morris designed the worm to stay hidden. The worm was designed in such a way that it won’t copy itself onto a computer that already had a copy. The worm was also designed in such a way that it would be killed when a computer was shut down.

Consequences of the Morris Worm

For unleashing the worm into the wild, Morris became the first person convicted for violating the U.S. Computer Fraud and Abuse Act, which outlaws unauthorized access to protected computers. He was sentenced to 3 years of probation, 400 hours of community service, a fine of $10,050 and the costs of his supervision.

The first major cyberattack perpetrated by the Morris worm showed how vulnerable interconnected computers had become. Just days after the Morris worm attack, the U.S. Government created the country’s first computer emergency response team under the direction of the Department of Defense. Developers also began creating intrusion detection software.

On the flip side, the Morris worm inspired a new breed of malicious hackers, plaguing the digital age. In recent memory, the worm that resembles the devastation caused by Morris worm is the WannaCry worm, commonly known as WannaCry ransomware.

In less than 24 hours on May 12, 2017, more than 300,000 computers in 150 countries were infected by WannaCry, each demanding a ransom payment. WannaCry is categorized as a worm as similar to the Morris worm as it has the ability to spread itself within networks without user interaction.

WannaCry specifically exploited the security vulnerability in Server Message Block Protocol (SMB protocol) in some versions of Microsoft Windows. SMB protocol allows users to access files, printers and other resources on a network.

Prevention

Here are some cybersecurity measures to protect your organization’s computers or networks from worms similar to WannaCry and Morris worms:

Implement Network Segmentation

In network segmentation, vital computers that housed critical information and operations are separated or disconnected from computers connected to vulnerable systems like the public internet. Network segmentation ensures that when internet-facing computers are infected by a worm, these vital computers aren’t affected.

Keep All Software Up-to-Date

Make sure that software security updates are installed as timely as possible, not months or years after the release dates of the security updates.

Cyberattackers have automated the process of scanning the internet for finding vulnerable computers – those that fail to install security updates. This was the case for WannaCry victims as they failed to install the security update issued by Microsoft months before the WannaCry cyberattack.

Refrain from Using Legacy Hardware and Software

The term “legacy” refers to old and outdated computer hardware or software. Similar to computers that fail to timely install security updates, legacy hardware and software programs are similarly targetted by cyberattackers as these legacy hardware and software programs no longer receive security update from their vendors.

Some versions of the Microsoft Windows (Windows XP, Windows 8, and Windows Server 2003 operating systems) were targeted by WannaCry attackers as well as during the attack these software programs were no longer supported by Microsoft. A day after the WannaCry attack, however, Microsoft released security updates for Windows XP, Windows 8, and Windows Server 2003.

Protecting computers or networks from worms and other malicious software is important in order to prevent data breaches. Under Canada’s Digital Privacy Act, starting November 1 this year, private organizations are mandated to notify the Privacy Commissioner of Canada and the affected individual “as soon as feasible” in the event that a data breach poses a “real risk of significant harm” to any individual.

When you need help assessing and mitigating the cybersecurity risks, contact out team of expertsand minimize the likelihood of a data breach.

0 Comments

Your comment will be posted after it is approved.


Leave a Reply.

    Author

    Steve E. Driz, I.S.P., ITCP

    Picture
    View my profile on LinkedIn

    Archives

    March 2023
    February 2023
    January 2023
    December 2022
    June 2022
    May 2022
    February 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    October 2016
    August 2016
    May 2016
    March 2016
    January 2016
    November 2015
    October 2015
    August 2015
    June 2015

    Categories

    All
    0-Day
    2FA
    Access Control
    Advanced Persistent Threat
    AI
    Artificial Intelligence
    ATP
    Awareness Training
    Botnet
    Bots
    Brute Force Attack
    CASL
    Cloud Security
    Compliance
    COVID 19
    COVID-19
    Cryptocurrency
    Cyber Attack
    Cyberattack Surface
    Cyber Awareness
    Cyber Espionage
    Cybersecurity
    Cyber Security
    Cyber Security Consulting
    Cyber Security Insurance
    Cyber Security Risk
    Cyber Security Threats
    Cybersecurity Tips
    Data Breach
    Data Governance
    Data Leak
    Data Leak Prevention
    DDoS
    Email Security
    Fraud
    GDPR
    Hacking
    Impersonation Scams
    IoT
    Malware
    MFA
    Microsoft Office
    Mobile Security
    Network Security Threats
    Phishing Attack
    Privacy
    Ransomware
    Remote Access
    SaaS Security
    Social Engineering
    Supply Chain Attack
    Supply-Chain Attack
    Third-Party Risk
    Virtual CISO
    Vulnerability
    Vulnerability Assessment
    Web Applcation Security
    Web-applcation-security
    Web Application Firewall
    Web Application Protection
    Web Application Security
    Web Protection
    Windows Security
    Zero Trust

    RSS Feed

Picture

1.888.900.DRIZ (3749)

Managed Services

Picture
Web Application Security
​Virtual CISO
Compliance
​Vulnerability Assessment
Free Vulnerability Assessment
Privacy Policy | CASL

About us

Picture
Testimonials
​Meet the Team
​Subsidiaries
​Contact us
​Blog
​
Jobs

Resources & Tools

Picture
​Incident Management Playbook
Sophos authorized partner logo
Picture
© 2023 Driz Group Inc. All rights reserved.
Photo used under Creative Commons from GotCredit