In 1988, the internet was still small and far simpler than it is today. It was then that the Morris worm appeared, infecting around 6,000 computers — nearly 10% of the entire network at the time.
This was the first successful large-scale cyberattack in history. It immediately revealed a problem that remains relevant today: people underestimate basic security practices.
This incident became a turning point, clearly showing that information security depends not only on technology, but also on the everyday actions of users.
The worm was created by a student, Robert Morris. His idea did not seem dangerous — he wanted to understand the scale of the internet and essentially conduct a “census” of connected systems.
To do this, he developed a program capable of spreading independently across the network and resisting attempts to stop it. It exploited a vulnerability in the Sendmail mail server and, more importantly, weak user passwords.
At that time, cyber hygiene was virtually non-existent. Simple passwords, usernames, or common words were considered normal. These habits became the key to the worm’s rapid spread.
To remain undetected, the worm altered its behavior within the system: masking processes, removing traces, and encrypting data in memory. When entering a new computer, it checked whether another copy was already present.
However, due to a flaw in the program logic, one copy would remain active even on already infected systems. This led to repeated infections and system overload.
Within hours, thousands of computers stopped functioning. Data remained intact, but access was lost. The system was effectively down for several days until specialists found a way to stop the worm.
The damage was estimated at approximately $96.5 million — a significant amount at the time.
This incident became a turning point for the entire industry. Robert Morris became the first person in the United States to be prosecuted under the Computer Fraud and Abuse Act.
However, his story did not end there. He remained in IT, founded a startup that was later sold to Yahoo!, and continued his career in academia.
For the industry, this case sent a clear signal: security could no longer be treated as a secondary concern.
More than thirty years have passed. Technologies have become more advanced, attacks more sophisticated, and security tools significantly more powerful.
But one thing has not changed.
The human factor remains the weakest link in cybersecurity.
Cyber hygiene is not about formal rules. It is about everyday habits: strong passwords, awareness, and a basic understanding of risks.
And it is these simple things that ultimately determine how well companies and their data are protected today.
Author: Maryna Larchenko, Specialist, Information Security Risk Management and Methodology Department, MODUS X