Counting the (Zero) Days

Zero-Day exploits are becoming a household name, at least for people who are “into” technology. Gone are the days when Zero-Day felt like a top secret term that you shouldn’t even know existed. Now, in 2020, these types of exploits are more prevalent than ever, and security firm FireEye tasked itself with seeing how widespread these hacks are. More importantly, the firm wanted to see just how accessible Zero-Day exploits have become, especially for countries notably lacking in technological prowess. Its findings became the topic of an article by Andy Greenberg, writing for WIRED, and show us a piece of the picture that is governmental hacking.

Zero-Day exploits are of course nothing new. The idea is that hackers utilize, or sell, information on exploits in popular software before the developers of said software are aware of the exploit themselves. Zero-Day exploits are very broad, but ultimately all are used by hackers to gain access to unintended features or data in a software application. One famous alleged Zero-Day exploit is the hacking of Amazon CEO Jeff Bezos’s WhatsApp account. The article mentions that this Zero-Day hack was “reportedly” the work of Saudi Arabia. The breadth of the damage Zero-Day exploits are capable of can only be imagined, as they are very secretive and largely go undetected. The ones that are brought to the public eye many times cause severe damage.

While compiling data and research on Zero-Day exploits, FireEye had to acknowledge that what they found “is not a holistic view of the zero-days that exist in the whole world”, but the findings are still fascinating. From the data they could reliably pinpoint, China and Russia are large players in this field. This should come as no surprise, as both put a massive amount of emphasis on cyber-security and cyber-warfare, but what is head-turning is the presence of some of the smaller countries on the list. Uzbekistan made the list, even though it “proved to be so inexperienced that agents installed Kaspersky antivirus on some of the same machines they used for malware development, exposing their own operations”. This led to the true insight from this research, which is that Zero-Day exploits are abundantly purchased from hackers who may have no political allegiance.

The article gives insight into not only which countries utilize Zero-Day exploits, but also raises the question of how smaller players may use “not skill, but cash” to buy their way onto the chart of Zero-Day exploiters. As the world begins to rely almost entirely on software infrastructure, the price tag for Zero-Day exploits that can damage political opponents will only rise. Hackers are getting smarter, and their tools more accessible. Couple that with a bigger paycheck, and even the most promising computer scientist may go rogue in the name of selling Zero-Day exploits. Software vulnerabilities are usually held close to the chest for these specific reasons, but disclosing them would likely not create a safer platform. The real need is that of time. Far too often software is rushed out the door to meet a deadline, and many known exploits are ignored in favor of shipping a timely product. The culture around this continues to grow, and the more it does, the wider the door opens for Zero-Day exploits to continue. Hopefully it doesn’t take a massive loss of public trust from a major Zero-Day exploit affecting the average user, but that reality grows more likely every time software is shipped with a priority on deadline versus functionality. In the case of life-saving software or software containing highly confidential data, the rules must be changed, and bug fixes before launch must become a priority. While I have never personally seen this before, shutting down a software’s functionality entirely when a bug is found in order to fix it could also be a worthwhile endeavor, even if the software is popular and in circulation as a finished product. Security must be a main concern.

Source Article: https://www.wired.com/story/zero-day-hacking-map-countries/
