Hackers' Black Market Profiting at the Expense of US Businesses, Institutions, Agencies and Individuals Alike

Many businesses simply don't realize, or refuse to accept, just how stacked against them the deck really is on digital frontier, but a recent New York Times article shines some light into those dark corners of the digital landscape that no one wants to imagine are even there. Exposing new weaknesses, or zero day attacks, is big business in the hacker underworld, "and the ripple effect can have devastating consequences for any business, institution or agency out there," says Joe Caruso, founder and CEO/CTO of Global Digital Forensics.

  • Share on TwitterShare on FacebookShare on Google+Share on LinkedInEmail a friend

The buying and selling of exploits is costing businesses big every day

The hard truth is every business, agency, institution or individual is susceptible to a zero day attack

New York, NY (PRWEB) July 18, 2013

In an [exposé published by the New York Times July 14, 2013, the black market world of hackers, and the zero day exploits being peddled daily, took center stage. It used to be that exploits was primarily hacker turf, but today everyone from cyber criminals, to corporations, to governments can be found pulling the trigger on the purchase of a zero day exploit. As CEO/CTO of Global Digital Forensics, a premier cyber emergency incident response provider, Joe Caruso and his team of expert responders have plenty of experience helping clients respond to a wide array of incidents directly related to those previously unknown vulnerabilities that eventually make their presence felt.

For there to be a reaction, there first has to be an action. Welcome to the conundrum of zero day threats.

“The hard truth is every business, agency, institution or individual is susceptible to a zero day attack, mainly because the cyber security industry as a whole is rooted in a reactionary posture,” Caruso says. “An exploit first needs to be discovered before identification signatures, protections, countermeasures and other fixes can be developed and disseminated to the public, and that means it takes time before even the best anti-virus programs or other security measures can be fortified against a particular exploit. It’s that critical window between the discovery of a potential exploit and the development and implementation of a solution that is the realm of a zero day attack. Unfortunately, in most cases there is the cyber equivalent to a patient zero, that first reported victim who starts the gears of the cyber security industry moving towards finding a solution. But by then, there may already be a flood of casualties out there. That’s what makes the need for an effective and well supported cyber emergency incident response plan absolutely crucial for any entity with a digital presence, especially those whose core functions and/or downright existence rely on their digital assets.”

So who are the players in the black market world of zero day exploits?

“Once upon a time, the zero day exploit market was by hackers, for hackers. But today, everyone from run-of-the-mill cyber criminals, to rival governments and global business competitors seek to leverage every advantage they can find, and others are buyers that simply can’t afford to wait for the slow gears of the cyber security industry to get through the bureaucracy and other delays inherent to today’s solution process, like security agencies tasked with keeping national infrastructure assets safe, so they flat out buy the exploits from grey hat and black hat hackers alike. If a zero day exploit is out there, they want to know about it on day zero so they can adjust accordingly, and they’ll pay top dollar for the privilege. And since zero day exploits can affect the bottom line fortunes of huge corporations, it’s no wonder software giants like Microsoft are willing to pay six figure sums to learn about the exploits as quickly as possible so they can address them post haste. They know if flaws in their software can expose their users to intrusions or other types of attacks, it will directly affect their ledger in a big and negative way. And of course, governments and companies bent on espionage love them too.”

An effective cyber incident emergency response plan is like having major medical coverage when a catastrophic event occurs.

“Just like in the medical world, focusing on prevention can nip a lot of ailments in the bud before they become bigger, badder and more problematic. Things like anti-virus protection, sound security policies and following correct security procedures are the cyber equivalents to preventive medicine coverage. But sometimes, catastrophe strikes no matter how well prepared or vigilant someone may be. Heart attacks, cancer, aneurisms, strokes and a whole host of other ailments can strike without rhyme or reason, and that’s when major medical coverage could make all the difference. It won’t stop bad things from happening, but it can really save your bacon if something does. That’s what cyber incident emergency response is all about, having an effective plan in place to set the right wheels in motion in the event of a catastrophe. You’ll have the professional coverage needed to have the emergency quickly and professionally assessed, you’ll have a pre-planned escalation matrix to follow and get the problem escalated to the right people with the right skills, you’ll have the steps in place to stop the bleeding, thwart the spread of infection, and you’ll be better able to deal with the all the nasty aftermath by the best and most effective means possible. And that aftermath in the cyber world means things like regulatory compliance fallout in the form of fines or other punitive steps, protecting trust and integrity, and avoiding costly prolonged dysfunction by restoring internal functions to the state they need to be as quickly as possible. That’s what we help clients do, and we’ve got emergency responders available 24/7, strategically located both nationwide and worldwide so we can have response times unrivalled in the industry. And in the world of zero day threats that can sometimes be next to impossible to stop, it’s coverage nobody with a digital presence should be without. We’ve even got no-retainer Service Level Agreement options available, so clients that we do cyber threat assessments and penetration testing for can have the protection without paying an additional penny if they don’t need it. It just doesn’t get any easier than that, so there should be no more excuses.”

Global Digital Forensics can help with cyber security needs from A to Z and can tailor customized plans to suit the unique needs of any client, no matter how big or small. And with a hacker black market out there catering to anyone who wishes to leverage zero day exploits for whatever sinister agenda they may have, having a recognized leader in cyber security like GDF in the wings can make all the difference in surviving the onslaught.

*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, electronic discovery (eDiscovery), cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a plan which will meet your unique needs. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit http://www.evestigate.com.