The most powerful hacking tools are no longer in the hands of governments alone

Image depicting a hand on a scanner
(Image credit: Pixabay)

Historically, zero-day exploits have been available to state-sponsored actors only, due to the high cost of development or purchase. However, new analysis shows that unaffiliated threat actors are increasingly getting their hands on these powerful hacking tools.

According to a report from MIT Technology Review, based on a Mandiant study, many modern cybercriminals are wealthy enough to fund the development of zero-day exploits, which can be used to launch devastating and highly lucrative attacks.

The report credits this industry shift to the rise of ransomware attacks, which have proven an effective method of extorting businesses for cash.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022end of this survey

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Zero-day vulnerabilities

The term 'zero-day' describes a vulnerability that is unknown to the victim, who is therefore defenseless in the face of an attack. When leveraged, they allow threat actors to deploy malware and control devices remotely, or siphon out data and other sensitive information.

The Mandiant report shows that the proportion of zero-day vulnerabilities exploited by cybercriminals is growing. A third of all hacking groups that exploited zero-days last year were not state-sponsored threat actors, but rather financially motivated groups.

In previous years, “only a very small fraction of zero-days” were deployed by cybercriminals, the report states.

These vulnerabilities don’t come cheap, though, with zero-days for iPhone and Android selling for upwards of $1 million.

In previous years, hacking groups did not have that kind of budget. However, ransomware has made it possible for them to demand ransom payments in the millions, as was seen in cases such as Colonian Pipeline, JBS and others. 

They are “picking up state-sponsored threat actors’ zero-days at a quicker pace,” said Adam Meyers, SVP Intelligence at the security firm Crowdstrike. “They quickly figure out how to use [zero-days], and then they leverage [them] for continued operations.”

Via MIT Technology Review

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.