Computer flaws are common and every time a new version of any software comes out, it usually contains some bugs. Conventionally, hackers would find them and report them to the respective maker of the software, who’d pay in return. But increasingly, nations are outbidding these amounts to lay their hands on zero-day exploits first.
Different nations are apparently ready to pay in hundreds of thousands of dollars in order to be the first in laying their hands on zero-day exploits of popular software. This enables them to make use of these exploits, gain access to the machines of different targets and gather information and data.
Microsoft, for instance, has recently raised the amount it pays for zero-day flaws to $150,000. But even that is not sufficient since other ‘clients’ are ready to pay even higher amounts for these flaws. Zero-day exploits are a bit too popular among prospective clients, because these flaws are as-yet-undiscovered by any one else and thus, haven’t been patched.
This also gives the governments or other entities with nefarious intents, a chance to make use of the exploit without the victim realizing it. According to a former White House cybersecurity coordinator, “Governments are starting to say, ‘In order to best protect my country, I need to find vulnerabilities in other countries. The problem is that we all fundamentally become less secure.”
It is pertinent to note here is that the ‘clients’ of such security flaws includes many nation-states, such as U.S., Israel, Russia, India, Brazil and more. Moreover, the intelligence agencies are also among the top buyers of these flaws, which only shows that a cyber warfare of sorts has already commenced.