I think people forget it's not the 90s, exploits are big business, not just trolling Theo. If you have money, you can buy capability, it's an economic decision.
Replying to @taviso
If I'm following your point, it's that anyone who wants capability can now use capital to acquire it, so release of N-day PoCs is immaterial to that? I don't think criminal groups could buy NSO's products and researchers wanting to make that kind of thing now go work for NSO/APT.
2 replies 0 retweets 1 like -
Replying to @dinodaizovi @taviso
As important targets became harder, it's now a team-sized endeavor and solo basement hackers have trouble producing useful capabilities (this is a good trend overall). Financially motivated criminal groups seem to do more mass-fraud than targeted attacks w/ exploits from my feed.
1 reply 0 retweets 1 like -
Replying to @dinodaizovi @taviso
So "attackers" are largely bifurcated into criminals and APTs. Part of the challenge of this debate is that different people think about either attack or defense and of APTs or criminals. Makes it hard to be precise about which group's activities they are trying to hamper.
1 reply 0 retweets 1 like -
Replying to @dinodaizovi
Aren't you doing exactly that? If you care about opportunistic criminals, nday is essentially non existent relative to malware, no?
1 reply 1 retweet 1 like -
Replying to @taviso
I wouldn't say "essentially non-existent" because some published exploits seem to be enabling ransomware and cryptomining these days (I don't have hard numbers, just anecdotally). Published client-sides can also help NSO-like companies. To me, the only winning move was not to play :).
2 replies 0 retweets 1 like -
Replying to @dinodaizovi
Perhaps we can agree not even 1% compared to malware. There for sure are drawbacks to open research we have to wrestle with, but the net result is undoubtedly positive. Similarly, there are drawbacks to easy availability of lots of things, pharmaceuticals, power tools, etc.
1 reply 0 retweets 1 like -
Replying to @taviso
Sorry I can't agree to a number on each of our personal perceptions w/o data :). There are ~1.34 gazillion malware samples a minute in VT, so I'd bet the number of those attempted installations via exploits is knowable and the lineage of that exploit code could be examined.
1 reply 0 retweets 0 likes -
Replying to @dinodaizovi
Hmmm. That seems odd, you can't agree that malware is more prevalent than exploitation? Even for the purpose of informal discussion?
2 replies 1 retweet 0 likes -
Replying to @taviso
In a surprise to no one who has ever worked with me, I have a little/lot OCD :). I can absolutely agree that malware is more prevalent than exploitation, but I can't get myself to put a number to it.
1 reply 1 retweet 0 likes
I see, understood. See other reply, I clarified why it matters.