Wealthy cybercriminals are using zero-day hacks more than ever

“Ransomware groups are able to recruit new talent and utilize resources from their ransomware operations, and the revenue they are generating, to focus on what was once the domain of state-sponsored [hacking] groups,” says James Sadowski, a researcher with Mandiant.

Zero-days are usually bought and sold in the shadows, but what we do know is how much money is in the game. A recent MIT Technology Review report details how an American firm sold a powerful iPhone zero-day for $1.3 million. Zerodium, a zero-day seller, has a standing offer to pay $2.5 million for any zero-day that gives a hacker control over an Android device. Zerodium then turns around and sells the exploit to another organization – perhaps an intelligence agency – at a significant markup. Governments are willing to pay that kind of money because a zero-day could be an instant trump card in the global game of espionage, worth more than the millions of dollars an agency could spend.

But they are also clearly valuable to criminals. A particularly aggressive and adept ransomware group, known by the code name UNC2447, used zero-day vulnerabilities in SonicWall, a virtual private network tool used by large corporations around the world. After the hackers gained access, they used ransomware and then forced the victims to pay by threatening to report the hacks to the media or sell the companies’ data on the dark web.

Perhaps the most famous ransomware group in recent history is Darkside, the hackers who shut down the Colonial Pipeline and eventually created a fuel shortage for the eastern United States. Sadowski says they also used at least one zero-day during the short but intense period of their activity. Soon after becoming world famous and attracting all the unwanted law enforcement attention that came with fame, Darkside shut down, but since then the group may have rebranded.

For hackers, the next best thing after a zero-day might be a one- or two-day vulnerability: a security hole that has recently been discovered but has not yet been fixed by the hacker’s potential targets worldwide. Cybercriminals are also advancing fast in that race.

Cybercrime groups are “rapidly picking up the zero-days of state-sponsored risky actors,” says Adam Meyers, senior vice president of intelligence at security firm CrowdStrike. The criminals observe the zero-days being used and then rush to co-opt the tools for their own purposes before most cyber-defenders know what is happening.

“They quickly figure out how to use it, and then they take advantage of it for continuous operation,” Meyers says.
