But while the record-setting number grabs attention, it can be hard to know what it tells us. Does it mean there are more zero-days being used than ever? Or are defenders better at catching the hackers they would have previously missed?
“An increase is for sure what we’re seeing,” says Eric Doerr, vice president of cloud security at Microsoft. “The interesting question is what does it mean? Is the sky falling? I’m in the camp of ‘Well, it’s nuanced.’”
Hackers are “operating at full tilt”
One contributing factor in the higher rate of reported zero-days is the rapid global proliferation of hacking tools.
Powerful groups are all pouring heaps of cash into zero-days to use for themselves—and they’re reaping the rewards.
At the top of the food chain are the government-sponsored hackers. China alone is suspected to be responsible for nine zero-days this year, says Jared Semrau, a director of vulnerability and exploitation at the American cybersecurity firm FireEye Mandiant. The US and its allies clearly possess some of the most sophisticated hacking capabilities, and there is rising talk of using those tools more aggressively.
“We have this top tier of sophisticated espionage actors who are definitely operating at full tilt in a way we hadn’t seen in past years,” says Semrau.
Few who want zero-days have the capabilities of Beijing and Washington. Most countries seeking powerful exploits don’t have the talent or infrastructure to develop them domestically, and so they purchase them instead.
It’s easier than ever to buy zero-days from the growing exploit industry. What was once prohibitively expensive and high-end is now more widely accessible.