Hackers competing in this year’s PWN2OWN competition earned hundreds of thousands of dollars. Who paid them?
The companies they hacked. But it isn’t ransomware; this is an example of bug bounty activities. Companies, including Microsoft, Zoom, and Apple challenge hackers to break in and reward them when they do.
The rules are simple: Attackers have 15 minutes to exploit a vulnerability that allows them to run a program on the target computer. In real life, an attacker could run a virus or some other malicious program.
An attack team calling themselves DEVCORE successfully took control of a Microsoft Exchange Server and earned two hundred thousand. An attacker who calls themselves OV broke into Microsoft Teams and earned another 200K. Daan Keuper and Thijs Alkemade from Coputest netted two hundred thousand for taking over a computer using Zoom messenger.
The great news is that Microsoft, Apple, and the other participants will create updates and patches to protect their products. Provide your IT team with time to install the updates to protect your organization. See more about the results here: https://www.zerodayinitiative.com/blog/2021/4/2/pwn2own-2021-schedule-and-live-results
Please forward this to your friends in case they are not aware of hacking contests that ultimately make the world a safer place.