Business Should Move to an Incident Response Security Posture and Accept that Governments Will Maintain Stockpiles of Zero-days
With surprising concurrency, the RAND Corporation has published a lengthy study into zero-day exploits stockpiled by government just two days after WikiLeaks released its batch of documents on CIA hacking tools. While many have been surprised and even appalled that the government should maintain a stockpile of zero-day vulnerabilities and exploits, RAND seems to accept it as a matter of fact that all governments do so.
For the purpose of its research, “RAND obtained rare access to a dataset of information about zero-day software [...]
According to FireEye, threat actors targeted strategic industries (i.e. aerospace and defense, energy, health and pharmaceuticals, and shipping), government and defense agencies searching for political, economic and military intelligence.
Experts believe sophisticated threat groups could be particularly interested in sectors such as aerospace and defense, energy, health and pharmaceuticals, and shipping.
Threat actors targeted Nordic countries due to their robust economies and valuable information managed by companies operating in sectors [...]