Pretty much the most valuable thing a hacker can own is a zero-day exploit – a way to launch a cyberattack through a previously unknown security hole. Such vulnerabilities can fetch prices in excess of a million dollars on the open market.
This year, the cybersecurity industry caught the highest number of zero-days of all time, according to several databases and to researchers and representatives of cybersecurity companies who spoke with MIT Technology Review. According to databases like the 0-Day Tracking Project, at least 66 zero-days were found in use this year – almost twice as many as in 2020 and more than in any other year on record.
But while the record number attracts attention in itself, interpreting it is not easy. Does it mean that more zero-days are being used than ever before? Or are defenders now better able to catch the hackers they would have overlooked earlier?
Rapid spread of hacking tools
“We’re definitely seeing an increase,” said Eric Doerr, vice president of cloud security at Microsoft. “The interesting question is, what does that mean? Does the sky collapse? I think it’s a nuanced phenomenon.”
One factor contributing to the higher reported zero-day rate is the rapid spread of hacking tools around the world. Powerful groups invest tons of money in zero-days to use for themselves – and they profit from it.
At the top are government-sponsored hackers. China alone is suspected of being responsible for nine zero-days this year, says Jared Semrau, director of vulnerabilities and exploitation at the American cybersecurity company FireEye Mandiant. The US and its allies undoubtedly have some of the most sophisticated hacking skills, and rumors of a more aggressive use of these instruments are growing all the time.
“We are dealing with a top group of highly developed espionage actors who are definitely working at full speed in a way that we have not seen in previous years,” says Semrau. Few of those seeking zero-days have the skills of Beijing and Washington. Most countries looking for powerful exploits don’t have the talent or infrastructure to develop them in their own country, so they buy them in.
Growing exploit industry
It’s easier than ever to buy zero-days from the growing exploit industry. What used to be prohibitively expensive and high quality is now more accessible. “We have seen government groups turn to the NSO Group or Candiru, these increasingly popular services that allow countries to trade financial resources for offensive capabilities,” says Semrau. The United Arab Emirates, the United States, and European and Asian powers have all invested money in exploiting security loopholes.
Cybercriminals, too, have used zero-day attacks in recent years to make money, finding vulnerabilities in software that enable them to run profitable ransomware programs.
“A third of the zero days we’ve been tracking lately can be directly traced back to financially motivated actors. They are more sophisticated than ever and are playing an important role in this surge, which I think a lot of people are ignoring,” says Semrau.