Ransomware and cyber attacks have seen a steady rise in recent years, fueled in part by the growing popularity of cryptocurrencies. Behind the expanding ransomware economy and the increase in cybercrime worldwide is an active market for buying and selling zero-day software exploits.
In a new video interview with Executive Mosaic, Dhruv Bansal, co-founder and chief science officer of Unchained Capital, explained what exactly a zero-day vulnerability is and how it impacts organizations in the public and private sectors alike.
Generally, large organizations and government agencies that deal with sensitive data employ the highest levels of computer security, and the individuals tasked with protecting these systems are highly skilled at defending against known threats. But zero-days are different.
“A zero-day is scary because by definition, a zero-day is an exploit in a computer system or software application that attackers know about but defenders do not know about,” explained Bansal. “So there’s an asymmetry in knowledge, and what that means is defenders can’t protect against this because they don’t know that it’s happening.”
“There is a time period over which an attacker may know about a vulnerability in the defender’s system, but the defender may not. So the defender is hard pressed to say that they have a secure network if they don’t know the kinds of vulnerabilities that they’re supposed to be protecting against,” he continued.
The zero-day market, Bansal said, “fundamentally exists to connect those who discover exploits with those who can really profit from them and to pay the former from the latter.” But in recent years, another class of buyer has emerged: software companies and government agencies themselves. These organizations have found that buying their own exploits in dark web markets is a viable economic strategy that allows them to limit their own risk of exposure.
Cryptocurrencies like Bitcoin are certainly involved in these zero-day marketplaces as a transaction currency, but Bansal asserted that Bitcoin may actually be the key to stopping cybercrime.
“Bitcoin itself as a piece of software is very exceptional. I don’t believe it suffers from zero-days… and furthermore, I believe that this property of being secure against zero-days is a characteristic that can be exported or inherited to other software in the future as Bitcoin continues to grow,” he revealed.