McAfee Labs

IE 0-Day, More Like Every Day

By on May 21, 2014

Well, that did not take long. Only weeks after Microsoft issued the end of life for Windows XP, a vulnerability surfaces that is also reported as being used by a “known gang of malicious hackers.” Of course, for many users the task of patching will be relatively straightforward, but for many others the reason to migrate from Windows XP will only get stronger.

In the campaign dubbed Operation Clandestine Fox, researchers have observed attacks actively targeting Internet Explorer versions 9, 10, and 11 by luring users onto malicious websites. The use of this vulnerability within an active campaign should come as no surprise, as the attackers are simply seeking a return on the time and money they invested in researching and exploiting the vulnerability. In our whitepaper entitled Cybercrime Exposed we exposed the service-based nature of some cybercrime: if you have the odd $80,000 available, you can purchase the next zero-day for IE, or for that matter for iOS, Adobe, Android, or indeed any other operating system or application.

What this means is that there is a thriving market for zero-day vulnerabilities, and whilst the manner in which the attackers learned of this vulnerability is currently unknown, the sale of such research invariably brings more players to the table. Further, based on simple economics, those acquiring these vulnerabilities will look for a return on their investment. As we stated in our recent whitepaper (Jackpot! Money Laundering through Online Gambling), money is driving the growth of cybercrime, and there are very large numbers at play here.

Whereas in the past a personal relationship would likely have been a prerequisite to facilitate an acquisition (for example, the Zotob worm), today there are zero-day vulnerability brokers with a client list of willing participants holding huge sums of money to acquire these vulnerabilities.

The net result is that many more of these vulnerabilities will be exploited in the wild, and whilst for some users patching is one way to mitigate the threat, for most this is simply not an option. One further consideration is that many critical infrastructure providers, many command and control systems, and many ATMs are based on Windows XP. That is why, for many critical infrastructure providers, the end of life of Windows XP is being referred to as the equivalent of Y2K.
