Rich cybercriminals are using zero-day hacking more than ever


“Ransomware groups have been able to acquire new talent and use resources from their ransomware operations and the insane amount of revenue they have drawn to focus on what was once the space of government-sponsored [hacking] groups,” says James Sadowski, a researcher at Mandiant.

Zero-days are often traded in the shadows, but what we do know is how much money is in play. A recent MIT Technology Review report detailed how an American firm sold a powerful iPhone zero-day for $1.3 million. Zero-day vendor Zerodium has an ongoing offer to pay hackers $2.5 million for any zero-day that gives control of an Android device. Zerodium then turns around and sells the exploit to another organization, perhaps an intelligence agency, at a substantial markup. Governments are willing to pay this kind of money because zero-days can be an instant trump card in the global espionage game, potentially worth more than the millions an agency can spend.

But frankly, they’re also very valuable to criminals. A particularly aggressive and resourceful ransomware group, known by the codename UNC2447, exploited a zero-day vulnerability in SonicWall, a virtual private network appliance used in large companies around the world. Once the hackers gained access, they deployed ransomware and then pressured victims to pay, threatening to tell the media about the attacks or to sell the firms’ data on the dark web.

Perhaps the most notorious ransomware group in recent history is Darkside, the hackers who caused the Colonial Pipeline to be shut down and, ultimately, fuel shortages in the eastern United States. They also benefited from at least one zero-day during short but intense periods of activity, Sadowski says. Shortly after they became world famous and attracted all the unwanted law enforcement attention that came with fame, Darkside shut down, but the group may have simply rebranded since then.

For a hacker, the next best thing to a zero-day might be a one-day or two-day vulnerability: a vulnerability that was recently discovered but has yet to be fixed by the hacker’s potential targets around the world. Cybercriminals are also making rapid progress in this race.

Cybercrime groups “detect zero-days faster from state-sponsored threat actors,” says Adam Meyers, senior vice president of intelligence at security firm Crowdstrike. Criminals observe zero days being used, and then start using the tools for their own purposes before most cyber defenders realize what’s going on.

“They quickly figure out how to use it and then use it for ongoing operations,” Meyers says.
