Wealthy cybercriminals are using zero-day hacks more than ever
“Ransomware groups have been able to recruit new talent and use resources from their ransomware operation and from the huge revenues they are generating to focus on what was once the domain of state-sponsored [hacking] groups,” James Sadowski, a Mandiant researcher, said.
Zero-days are usually bought and sold in secret, but what we do know shows how much money is in play. One recent MIT Technology Review report details how an American company sold a powerful iPhone zero-day for $1.3 million. Zerodium, a zero-day broker, offers to pay $2.5 million for any zero-day that allows hackers to take control of an Android device. Zerodium then turns around and sells the exploit to another organization, perhaps an intelligence agency, at a significant markup. Governments are willing to pay that kind of money because a zero-day can be an instant trump card in the global spy game, potentially worth far more than the millions of dollars an agency spends on it.
But they are obviously of great value to criminals too. A particularly aggressive and skilled ransomware group, tracked as UNC2447, exploited a zero-day vulnerability in SonicWall, a virtual private network product used by large corporations around the world. After gaining access, the hackers deploy ransomware and then pressure victims into paying by threatening to tell the media about the breach or to sell the company's data on the dark web.
Perhaps the most famous ransomware group of recent years is DarkSide, whose hackers caused the shutdown of the Colonial Pipeline and, ultimately, fuel shortages across the eastern United States. Sadowski says the group exploited at least one zero-day during its short but intense run. Shortly after becoming world famous, and drawing all the unwanted law enforcement attention that comes with fame, DarkSide shut down, but the group may simply have rebranded since then.
For a hacker, the next best thing to a zero-day may be a one-day or two-day: a security flaw that was only recently disclosed and has yet to be patched by potential targets around the world. Cybercriminals are making rapid strides in that race too.
According to Adam Meyers, senior vice president of intelligence at security firm CrowdStrike, cybercrime groups “are catching up to the zero-day time of state-sponsored threat actors at a faster rate.” Criminals watch for one-days and then sprint to co-opt the tools for their own purposes before most cyber defenders know what is going on.
“They quickly figured out how to use it and then leveraged it to keep going,” says Meyers.