“Part of the reason you are seeing more now is because we have discovered more,” said Microsoft’s Doerr. “We are better at shining the spotlight. Now you can understand the situation of all your customers, which helps you become smarter faster. In a bad situation where you see new things, this will affect one customer instead of 10,000 customers.”
However, reality is much messier than theory. Earlier this year, multiple hacker groups launched an offensive against Microsoft Exchange email servers. What began as a critical zero-day attack briefly became even worse during the period after the fix was available but before users had actually applied it. This gap is the sweet spot that hackers like to attack.
However, as a rule, Doerr is correct.
Exploiting vulnerabilities is getting harder and more valuable
Even though zero-day vulnerabilities are seen more than ever before, all experts agree that they are becoming more difficult to achieve and that their costs are getting higher and higher.
Better defenses and more sophisticated systems mean that hackers must do more work to break into their targets than they did ten years ago; attacks are more expensive and require more resources. However, the payoff is that with so many companies operating in the cloud, one vulnerability could expose millions of customers to attack.
“Ten years ago, when everything was done internally, many attacks were only seen by one company,” Doerr said, “and few companies knew what was going on.”
Faced with improved defenses, hackers often have to link multiple exploits together instead of just using one. These “vulnerability chains” require more zero-day vulnerabilities. The successful discovery of these chains is also part of the reason for the dramatic increase in numbers.
Today, Dowd states that attackers “must achieve their goals by owning these chains, thereby making more investments and taking more risks.”
An important signal comes from the rising cost of the most valuable exploits. The limited data available, such as Zerodium’s public zero-day prices, shows an increase of up to 1,150% in the cost of the most high-end hacks over the past three years.
But even if zero-day attacks are more difficult, demand has risen and supply has followed. The sky may not collapse—but it won’t be sunny either.