A group of Spanish entrepreneurs today launched Zerod, the first hacker market for companies in the world. The service offers companies of any size a way to find and contract security testing services for their technological infrastructure. There are currently around 150 security specialists from 30 countries available at launch, and the site boasts that over 1,500 vulnerabilities have been fixed so far.
The move reflects growing demand from companies for secure and professional security testing. Ethical hacking received a big boost in 2022 when the US Department of Justice declared that “good faith” security investigations would no longer be charged under the Computer Fraud and Abuse Act. As a result, this form of enhanced penetration testing has seen a surge in popularity, as ransomware and foreign agent attacks have increased exponentially. Current estimates suggest the market could be worth more than $10 billion by 2028.
One of the key features of the new Zerod service is the client interface. The user experience is light and clean, a refreshing change from the more monotonous look that most security services offer. Available specialists are displayed on a brightly colored global map, along with an elegant floating box motif to allow assessment and selection. The whole experience is reminiscent of freelance services like Upwork, which should make it much more accessible for busy IT admins who need it.
Each hacker specialist must have 5+ years of experience and specific certifications and credentials. Each of them then undergoes a test and a personal interview and agrees to ongoing monitoring as they complete their projects. Customers who need an urgent pentest can register to receive three quick quotes, from which they can choose the hacker they prefer. It's an interesting step away from the usual process of searching and haggling on Google.
In addition to this novel market model, Zerod also offers more conventional corporate cybersecurity agency services. These include more complex penetration testing, ongoing forensics, and external consulting such as providing Chief Information Security Officer services. As expected, the company has comprehensive liability insurance as well as ISO 27001 certification, although the site does not display any explicit SLA terms, which might be a concern for some.
Supporting a bigger problem
Cybersecurity is becoming a serious problem around the world. In 2023 alone, more than 10% of major companies were targeted by attempted ransomware attacks. According to Chainalysis, a blockchain tracking company, these attacks generated a staggering $1.1 billion from victims, a huge increase from previous years.
Analysts attributed this increase to “a significant escalation in the frequency, scope and volume of attacks.” Surprisingly, more than 75% of ransomware payments were worth $1 million or more. Malicious actors have clearly learned some new tricks.
Hopefully, the emergence of more accessible and user-friendly services like Zerod will go some way to combating the scourge of hacks. However, this is a war that is set to become crueler in the trenches as new technologies, including AI, begin to play a larger role.
There are already signs that a major vector of the growing number of attacks is the rise of marketplaces selling ransomware tools to less sophisticated criminals. It's an arms race that the world doesn't need right now.