The most valuable thing hackers can have is a zero-day exploit, which allows them to launch an attack via a previously undiscovered vulnerability. These exploits are often worth more than $1 million.
According to multiple databases, researchers and cybersecurity companies that spoke with MIT Technology Review, cybersecurity defenders caught the most zero-days ever. According to databases like the 0-day tracking program, at least 66 zero-days were found this year. This is more than in any other year on record.
While the record-setting figure grabs our attention, it can be difficult to understand what it means. Is it a sign that there are more zero-days than ever before? Are defenders now better at catching hackers that they might have missed in the past?
Eric Doerr (Vice President of Cloud Security at Microsoft) says that there is a certain increase in the number of users who are seeing it. "What does this mean? Is the sky falling? I am in the camp of 'Well, it's nuanced.'"
Hackers operate at full throttle
The rapid global spread of hacking tools is one contributing factor to the higher reported zero-day rate.
They are reaping the benefits of powerful groups that have poured huge sums into zero-days for their own benefit.
Government-sponsored hackers are at the top of this food chain. According to Jared Semrau (director of vulnerability and exploitation at FireEye, an American cybersecurity company), China is responsible for nine zero-days in 2018. It is clear that the US and its allies have some of the most advanced hacking capabilities. There is increasing talk about using these tools more aggressively.
Semrau says that we have a top tier of highly skilled espionage actors who are operating at full throttle in a way we haven't seen in years past.
Few people want to live in the future. Many countries looking for powerful exploits don't have the infrastructure or talent to develop them in their own country, so they buy them.