“Part of the reason you’re looking more now is because we’re finding more,” says Microsoft Doerr. “We are good at shining the spotlight. Now you can learn from what is happening with all your customers, and it helps you get smarter and faster. What In the bad situation of seeing something new, it affects one customer instead of 10,000. “
But reality is far more troublesome than theory. Earlier this year, several hacking groups launched attacks on Microsoft Exchange email servers. What started as a serious zero-day attack was temporarily exacerbated in the period after the fix became available and before it was actually applied to the user. The gap is a sweet spot that hackers love to hit.
However, as a general rule, Doerr is on target.
Exploits are becoming more difficult and more valuable
Even if zero-days are seen more than ever, there is one fact that all experts agree on. It’s getting harder and more expensive for them to pull off.
Better defenses and more complex systems mean that hackers need to do more work to break into targets than they did ten years ago. Attacks are costly and require more resources. However, the reward is that so many companies operate in the cloud that the vulnerability could expose millions of customers to attack.
“Ten years ago, when everything was on-premises, there were many attacks that only one company saw,” says Doerr. “And few companies were ready to understand what was happening.”
In the face of improved defenses, hackers often need to link multiple exploits rather than just one. These “exploit chains” need more zero-days. The success of finding these chains is also part of the reason for the surge in numbers.
Today, Daud said attackers “have to take more investment and risk by using these chains to reach their goals.”
One of the key signals comes from the rising cost of the most valuable exploits. Limited data available, such as Zerodium’s public zero-day price, show that the cost of the finest hacks has risen by 1,150% over the last three years.
But even if zero-day attacks are more difficult, demand will increase and supply will follow. The sky may not have fallen, but it’s not a completely sunny day.
2021 broke the record of zero-day hacking attacks
Source link 2021 broke the record of zero-day hacking attacks