“Part of the reason you’re seeing more now is because we’re finding more,” says Microsoft’s Doerr. “We are better to stand out. Now you can learn from what is happening to all of your customers, helping you get smarter faster. In the bad situation where you see something new, that will affect one customer instead of 10,000.”
However, the reality is much more complicated than the theory. Earlier this year, several hacker groups launched offensives against Microsoft Exchange email servers. What started out as a critical zero-day attack briefly became worse in the period after a fix became available but before users had actually applied it. That gap is a sweet spot that hackers love to hit.
As a general rule, however, Doerr is on the mark.
Exploits are getting harder and more valuable
Even if zero days are being seen more than ever, there is one fact that all experts agree on: they are becoming increasingly difficult and more expensive to carry out.
Better defenses and more complicated systems mean hackers have to work harder to penetrate a target than they did a decade ago – attacks are more expensive and require more resources. The payoff, however, is that with so many businesses operating in the cloud, one vulnerability can expose millions of customers to attack.
“Ten years ago, when everything was on the premises, many of the attacks were only seen by one company,” says Doerr, “and few companies were equipped to understand what was going on.”
Faced with improved defenses, hackers often have to link multiple exploits rather than just using one. These “chains of exploitation” require more zero days. Success in detecting these chains is also part of the reason for the sharp increase in the number.
Today, Dowd says, attackers “have to invest more and risk more by having these chains to achieve their goals.”
An important sign comes from the rising cost of the most valuable exploits. The limited data available, such as Zerodium’s public zero-day pricing, shows as much as a 1,150% increase in the cost of high-level hacks in the last three years.
But even if zero-day attacks are tougher, demand has increased and the supply continues. The sky may not be falling, but it’s not a perfectly sunny day either.