Historically, zero-day exploits have been available to state-sponsored actors only, due to the high cost of development or purchase. However, new analysis shows that unaffiliated threat actors are increasingly getting their hands on these powerful hacking tools.
According to a report from MIT Technology Review, based on a Mandiant study, many modern cybercriminals are wealthy enough to fund the development of zero-day exploits, which can be used to launch devastating and highly lucrative attacks.
The report credits this industry shift to the rise of ransomware attacks, which have proven an effective method of extorting businesses for cash.
Zero-day vulnerabilities
The term 'zero-day' describes a vulnerability that is unknown to the victim, who is therefore defenseless in the face of an attack. When leveraged, they allow threat actors to deploy malware and control devices remotely, or siphon out data and other sensitive information.
The Mandiant report shows that the proportion of zero-day vulnerabilities exploited by cybercriminals is growing. A third of all hacking groups that exploited zero-days last year were not state-sponsored threat actors, but rather financially motivated groups.
In previous years, “only a very small fraction of zero-days” were deployed by cybercriminals, the report states.
These vulnerabilities don’t come cheap, though, with zero-days for iPhone and Android selling for upwards of $1 million.
In previous years, hacking groups did not have that kind of budget. However, ransomware has made it possible for them to demand ransom payments in the millions, as was seen in cases such as Colonian Pipeline, JBS and others.
They are “picking up state-sponsored threat actors’ zero-days at a quicker pace,” said Adam Meyers, SVP Intelligence at the security firm Crowdstrike. “They quickly figure out how to use [zero-days], and then they leverage [them] for continued operations.”
