Wealthy cybercriminals are using zero-day hacks more than ever
“Ransomware groups have been able to recruit new talent and to use the resources from their ransomware operations and from the insane amounts of revenue they’re pulling in in order to focus on what was once the domain of state-sponsored [hacking] groups,” says James Sadowski, a researcher with Mandiant.
Zero-days are typically bought and sold in the shadows, but what we do know shows just how much money is at play. A recent MIT Technology Review report detailed how an American firm sold a powerful iPhone zero-day for $1.3 million. Zerodium, a zero-day vendor, has a standing offer to pay $2.5 million for any zero-day that gives the hacker control of an Android device. Zerodium then turns around and sells the exploit to another organization—perhaps an intelligence agency—at a significant markup. Governments are willing to pay that kind of money because zero-days can be an instant trump card in the global game of espionage, potentially worth more than the millions an agency might spend.
But they’re clearly worth a lot to criminals too. One particularly aggressive and adept ransomware group, known by the code name UNC2447, exploited a zero-day vulnerability in SonicWall, a virtual private network tool used in major corporations around the world. After the hackers gained access, they used ransomware and then pressured victims to pay by threatening to tell the media about the hacks or sell the firms’ data on the dark web.
Maybe the most famous ransomware group of recent history is Darkside, the hackers who caused the shutdown of the Colonial Pipeline and ultimately a fuel shortage for the eastern United States. Sadowski says they too exploited at least one zero-day during their short but intense period of activity. Soon after becoming world famous and attracting all the unwanted law enforcement attention that comes with fame, Darkside shuttered, but since then the group may simply have rebranded.
For a hacker, the next best thing after a zero-day might be a one- or two-day vulnerability—a security hole that has been recently discovered but has not yet been fixed by that hacker’s potential targets around the world. Cybercriminals are making rapid advances in that race, too.
Cybercrime groups “are picking up state-sponsored threat actors’ zero-days at a quicker pace,” says Adam Meyers, senior vice president of intelligence at the security firm Crowdstrike. The criminals observe the zero-days being used and then sprint to co-opt the tools for their own purposes before most cyber-defenders know what’s happening.
“They quickly figure out how to use it, and then they leverage it for continued operations,” says Meyers.
Inside the conference where researchers are solving the clean-energy puzzle
The Advanced Research Projects Agency for Energy (ARPA-E) funds high-risk, high-reward energy research projects, and each year the agency hosts a summit where funding recipients and other researchers and companies in energy can gather to talk about what’s new in the field.
As I listened to presentations, met with researchers, and—especially—wandered around the showcase, I often had a vague feeling of whiplash. Standing at one booth trying to wrap my head around how we might measure carbon stored by plants, I would look over and see another group focused on making nuclear fusion a more practical way to power the world.
There are plenty of tried-and-true solutions that can begin to address climate change right now: wind and solar power are being deployed at massive scales, electric vehicles are coming to the mainstream, and new technologies are helping companies make even fossil-fuel production less polluting. But as we knock out the easy wins, we’ll also need to get creative to tackle harder-to-solve sectors and reach net-zero emissions. Here are a few intriguing projects from the ARPA-E showcase that caught my eye.
“I heard you have rocks here!” I exclaimed as I approached the Quaise Energy station.
Quaise’s booth featured a screen flashing through some fast facts and demonstration videos. And sure enough, laid out on the table were two slabs of rock. They looked a bit worse for wear, each sporting a hole about the size of a quarter in the middle, singed around the edges.
These rocks earned their scorch marks in service of a big goal: making geothermal power possible anywhere. Today, the high temperatures needed to generate electricity using heat from the Earth are only accessible close to the surface in certain places on the planet, like Iceland or the western US.
Geothermal power could in theory be deployed anywhere, if we could drill deep enough. Getting there won’t be easy, though, and could require drilling 20 kilometers (12 miles) beneath the surface. That’s deeper than any oil and gas drilling done today.
Rather than grinding through layers of granite with conventional drilling technology, Quaise plans to get through the more obstinate parts of the Earth’s crust by using high-powered millimeter waves to vaporize rock. (It’s sort of like lasers, but not quite.)
The emergent industrial metaverse
Annika Hauptvogel, head of technology and innovation management at Siemens, describes the industrial metaverse as “immersive, making users feel as if they’re in a real environment; collaborative in real time; open enough for different applications to seamlessly interact; and trusted by the individuals and businesses that participate”—far more than simply a digital world.
The industrial metaverse will revolutionize the way work is done, but it will also unlock significant new value for business and societies. By allowing businesses to model, prototype, and test dozens, hundreds, or millions of design iterations in real time and in an immersive, physics-based environment before committing physical and human resources to a project, industrial metaverse tools will usher in a new era of solving real-world problems digitally.
“The real world is very messy, noisy, and sometimes hard to really understand,” says Danny Lange, senior vice president of artificial intelligence at Unity Technologies, a leading platform for creating and growing real-time 3-D content. “The idea of the industrial metaverse is to create a cleaner connection between the real world and the virtual world, because the virtual world is so much easier and cheaper to work with.”
While real-life applications of the consumer metaverse are still developing, industrial metaverse use cases are purpose-driven, well aligned with real-world problems and business imperatives. The resource efficiencies enabled by industrial metaverse solutions may increase business competitiveness while also continually driving progress toward the sustainability, resilience, decarbonization, and dematerialization goals that are essential to human flourishing.
This report explores what it will take to create the industrial metaverse, its potential impacts on business and society, the challenges ahead, and innovative use cases that will shape the future. Its key findings are as follows:
• The industrial metaverse will bring together the digital and real worlds. It will enable a constant exchange of information, data, and decisions and empower industries to solve extraordinarily complex real-world problems digitally, changing how organizations operate and unlocking significant societal benefits.
• The digital twin is a core metaverse building block. These virtual models simulate real-world objects in detail. The next generation of digital twins will be photorealistic, physics-based, AI-enabled, and linked in metaverse ecosystems.
• The industrial metaverse will transform every industry. Currently existing digital twins illustrate the power and potential of the industrial metaverse to revolutionize design and engineering, testing, operations, and training.
The Download: China’s retro AI photos, and experts’ AI fears
Across social media, a number of creators are generating nostalgic photographs of China with the help of AI. Even though these images get some details wrong, they are realistic enough to trick and impress many of their followers.
The pictures look sophisticated in terms of definition, sharpness, saturation, and color tone. Their realism is partly down to a recent major update of image-making artificial-intelligence program Midjourney that was released in mid-March, which is better not only at generating human hands but also at simulating various photography styles.
It’s still relatively easy, even for untrained eyes, to tell that the photos are generated by an AI. But for some creators, their experiments are more about trying to recall a specific era in time than trying to trick their audience. Read the full story.
Zeyi’s story is from China Report, his weekly newsletter giving you the inside track on tech in China. Sign up to receive it in your inbox every Tuesday.
Read more of our reporting on AI-generated images:
+ These new tools let you see for yourself how biased AI image models are. Bias and stereotyping are still huge problems for systems like DALL-E 2 and Stable Diffusion, despite companies’ attempts to fix it. Read the full story.