Ransomware
16.12.2021, Tel Aviv / Frankfurt am Main, Radware / Author: Herbert Wieler
The zero-day market
The security experts at Radware expect the cybercrime threat situation to worsen significantly again in 2022. The company sees potential cooperation between ransomware groups and actors who specialize in trading zero-day exploits as a particular danger. In addition, Radware expects that malicious actors could lure former white hat hackers to their side, since successful ransom extortion lets them simply pay better than the industry.
This year, Radware has seen an increase in zero-day attacks by more advanced threat actors, and the company’s researchers expect this trend to continue. Given the large amounts of cryptocurrency that ransomware operators have collected, it is not inconceivable that they could also become customers of zero-day traders.
“The zero-day market has always been a difficult balancing act,” explains Pascal Geenens, Director Threat Intelligence at Radware. “On the one hand, there are the official bug bounty programs from technology providers that reward external security researchers for their discoveries. In this way, disasters are avoided by closing the vulnerabilities before they can be exploited. However, the same companies have to keep their own security experts happy. If the bug bounties are too high, you will lose your best experts, as they will become external researchers and will receive higher payments through bug bounties. On the other hand, there are those who trade in exploits and, as a rule, pay better than the manufacturers for found vulnerabilities.”
New players such as ransomware groups could thus trigger a new dynamic in the zero-day exploit market in 2022, which could eventually lead to significant changes in the attack surface of companies.
Another major danger Radware sees is that the financial resources of the attackers are currently out of balance with the security budgets of the defenders. There are therefore few, if any, ways to eliminate the hacking economy through additional barriers that make it more costly and time-consuming for attackers to penetrate organizations and infrastructures. “These players are sitting on a mountain of crypto-gold,” says Geenens. “The U.S. Treasury Department recently linked $5.2 billion in Bitcoin transactions to ransomware payments over the past two years. Due to their continued success, the ransomware gangs have control over how and when they will invest.”