Ransomware gangs are now rich enough to buy zero-day flaws

Cyber criminals are becoming more advanced as they continue to find new ways to deliver attacks, and some are now willing to buy zero-day vulnerabilities, something more traditionally associated with nation-states.

Knowledge about vulnerabilities and exploits can command a high price on underground forums, because being able to take advantage of them can be very profitable for cyber criminals. That’s especially if this involves a zero-day vulnerability that’s not known about by cybersecurity researchers, because attackers know potential victims won’t have had the chance to apply security updates to protect against it.

For example, in the weeks after Microsoft Exchange vulnerabilities were disclosed earlier this year, cyber criminals rushed to take advantage of them as quickly as possible, in order to benefit from the ability to carry out attacks before the security patches were widely applied.

Read more…
Source: ZDNet