Over the past period, the malware economy has taken an interesting turn. The underground markets used to be a place frequented only by cybercriminals, but now they're becoming a valuable resource for both researchers and nation states.
According to experts from security firm Zscaler, now that the value of a zero-day vulnerability has gone into the six-figure range, other actors are joining the scene.
“White-collar researchers are parting with vulnerability information, selling it to a middleman and not asking questions about where it may end up. This trend will continue, but expect new participants to enter the fray, namely nation states,” experts explained in their predictions for 2013.
Specifically, governments – including the US government – have shown interest in leveraging cyberattacks to accomplish certain goals (such in the case of Stuxnet), or to enhance physical attacks.
“Nation states, desperate for top talent to stay ahead, will not confine themselves to only homegrown talent but become increasingly aggressive bidders on the open market. Unlike physical weapons whose R&D costs limit their production to governments willing to spend billions, 0day information thrives in the private market,” Zscaler representatives said.