A group of Spanish entrepreneurs have today launched Zerod, the world's first hacker marketplace for businesses. The service offers businesses of any size a way to find and hire security testing services for their tech infrastructure. There are currently around 150 security specialists from 30 countries available at launch, and the site boasts that over 1500 vulnerabilities have been dealt with so far.
The move reflects the growing demand from businesses for safe and professional security testing. Ethical hacking received a big boost in 2022 when the US Justice Department declared that "good faith" security research would no longer be charged under the Computer Fraud and Abuse Act. As a result, this form of enhanced pen-testing has seen a surge in popularity, as the rise of ransomware and foreign agent attacks increased exponentially. Current estimates suggest that the market could be worth over $10 billion by 2028.
The whole experience is reminiscent of freelance services like Upwork.
One of the key features of the new Zerod service is the customer interface. The user experience is light and clean, a refreshing change from the more drab look most security services offer. The available specialists are displayed on a brightly colored global map, along with a stylish hover box motif to allow for evaluation and selection. The whole experience is reminiscent of freelance services like Upwork, which should make it much more accessible for busy IT managers in need.
Each hacker specialist has to have over 5 years of experience and specific certifications and credentials. They each then undergo a test and personal interview and agree to continuous monitoring as they complete their projects. Clients who need an urgent pentest can sign up to receive three fast quotes, from which they can choose the hacker they prefer. It's an interesting step up from the usual Google search and haggle process.
As well as this novel marketplace model, Zerod also offers more conventional corporate cybersecurity agency services. This includes more complex pen testing, ongoing forensic analyses, and external consultancy expertise, such as providing Chief Information Security Officer services. As you'd expect, the company holds comprehensive liability insurance, as well as ISO 27001 certification, although the site doesn't display any explicit SLA agreement terms, which could be a worry for some.
Underpinning a bigger issue
Cybersecurity is becoming a serious problem around the world. In 2023 alone, more than 10% of major companies were targeted by attempted ransomware attacks. According to Chainalysis, a blockchain monitoring firm, these attacks netted an astonishing $1.1 billion from victims, a huge increase over the previous years.
Analysts attributed this rise to "a major escalation in the frequency, scope, and volume of attacks." Surprisingly, over 75% of the ransomware payments were for $1 million or more. Malicious actors have clearly learned some new tricks.
Hopefully, the rise of more accessible and easy-to-use services like Zerod will go some way towards combatting the scourge of attacks. However, this is a war that's destined to grow more vicious in the trenches as new technologies, including AI, start to play a greater part.
Already there are signs that one major vector for the increasing number of attacks is a rise in marketplaces selling ransomware tools to less sophisticated criminals. It's an arms race that the world doesn't need right now.
