
"Only legitimate government agencies are supposed to use surveillanceware against criminal targets, but governments and companies are widely abusing this, as we've covered many times in the past. Legal surveillanceware companies have targeted activists, journalists, and even political figures, and there's also evidence that the vulns are leaking into the malware sphere. An analysis [PDF] of the industry by security operations center specialist Sekoia shows that surveillanceware vendors are seeing business grow in leaps and bounds and prices are going up to match."
"For example, the report recounts that, in 2011, the Gamma Group - a British biz that was offering FinFisher spyware that was first exposed by The Register to government agencies - was charging €1,100 per infection. Four years later, the Italian vendor Hacking Team was offering similar attack code for €1 million for a full hacking service, but by 2022, an investigation into the Candiru spyware biz showed that it was charging €6 million for its surveillanceware-as-a-service operations."
Governments and companies are widely abusing surveillanceware that is supposed to be limited to legitimate law-enforcement use. Surveillanceware vendors are experiencing rapid business growth and raising prices to match increasing client demand. Prices rose from roughly €1,100 per infection in 2011 to about €1 million for a full service within a few years, reaching around €6 million for surveillanceware-as-a-service by 2022. Rising exploit and zero-day costs contribute to higher surveillanceware prices. Higher bug prices benefit flaw finders but increase costs for companies seeking to secure platforms and remediate critical vulnerabilities.
Read at The Register