Stuxnet, for example, would have been much more difficult to decipher had the attackers used better obfuscation to thwart the researchers’ forensic tools—such as more sophisticated encryption techniques that would prevent anyone except the target machines from unlocking the payload or even identifying that Stuxnet was targeting Siemens Step 7 software and PLCs.
Maybe they paid handsomely for exotic attacks but patched them together amateurishly because the authors were not nearly as sophisticated as the zero day providers?
