2021 breaks the record for zero-day hacking attacks
“Part of the reason you’re being found a lot now is because we’ve found a lot,” Microsoft’s Doerr said. “We’d better shine a spotlight. Now you can learn from what’s happening to all of your customers, which will help you become a more quick-witted resource. In the bad situation where you see recently, that would affect one customer instead of 10,000. ”
Reality is much more chaotic than theory, though. Earlier this year, many hacking groupslaunched offensives against Microsoft Exchange email servers. What started out as a critical zero-day attack turned out to be small even worse at the time after a fix is applied but before it is applied by users. That gap is a sweet spot that hackers want to hit.
As a rule, however, Doerr is seen.
The benefits are becoming increasingly difficult – and even more valuable
Even if zero-days are seen to be more prevalent at first, there is one fact that all experts agree on: they are harder and more expensive to get out.
Better protections and more complex systems mean hackers have to do more work to penetrate a target than they did a decade ago-attacks are more expensive and require a lot of work. resources. The downside, however, is that with many companies operating in the cloud, a vulnerability can open up millions of customers to attack.
“Ten years ago, when everyone was in place, there were a lot of attacks that could only be seen in one company,” Doerr said, “and few companies were equipped to figure out what was going on.”
Faced with improving defenses, hackers often have to combine multiple exploits instead of using just one. These “exploit chains” require even more zero-days. The success of spotting these chains is also part of the reason for the steady rise in numbers.
Now, according to Dowd, attackers “need to invest more and risk more by acquiring chains to achieve their goals.”
An important signal from the rising cost of the most valuable exploitation. Limited data available, e.g. Zerodium zero-day public prices, appeared as a 1,150% increase at the cost of the highest hacks in the last three years.
But even as zero-day attacks became more difficult, demand increased, and supply followed. The sky may not fall – but neither is it a perfect sunny day.