{"id":6137,"date":"2021-11-18T19:13:18","date_gmt":"2021-11-18T19:13:18","guid":{"rendered":"https:\/\/blog.gridinsoft.com\/?p=6137"},"modified":"2021-12-06T12:31:43","modified_gmt":"2021-12-06T12:31:43","slug":"researchers-noticed-that-the-darknet-is-discussing-exploits-as-a-service","status":"publish","type":"post","link":"https:\/\/gridinsoft.com\/blogs\/researchers-noticed-that-the-darknet-is-discussing-exploits-as-a-service\/","title":{"rendered":"Researchers noticed that the darknet is discussing exploits as a service"},"content":{"rendered":"

Analysts at Digital Shadows have prepared a report<\/a> on the exploit market on the darknet – it is noticed that the criminals have come up with an “exploits as a service” scheme. Some cybercriminals have multimillion-dollar budgets to acquire 0-day exploits.<\/h4>\n

The researchers explain that attackers, financially motivated cybercriminals and “government hackers” are rapidly adopting new attack methods and are constantly on the lookout for new exploits.<\/p>\n

This scene is filled with many well-known criminals who boast a range of technical expertise and motives.the report says.<\/a><\/span><\/div><\/div>\n

The researchers write that although most often buying and selling exploits occurs in private conversations, sometimes vulnerabilities are bought and sold directly on hacker forums. For example, in early May 2021, a hacker openly offered $25,000<\/strong> for a PoC exploit for the CVE-2021-22893<\/strong> critical vulnerability affecting Pulse Secure VPN. This problem has been used<\/a> by Chinese hackers since at least April of this year.<\/p>\n

\"exploits<\/a><\/p>\n

Another hacker even stated that he was ready to pay up to $3,000,000<\/strong> for exploits for RCE vulnerabilities in Windows 10 and Linux, the use of which does not require any user interaction. The same user was offering up to $150,000<\/strong> for previously unused methods of running malware on Windows 10, which would allow malware to remain active on every system boot. <\/p>\n

\"exploits<\/a><\/p>\n

For comparison, the well-known exploit broker Zerodium offers up to $1,000,000<\/strong> for zero-click RCE in Windows 10. And most of all, up to $2,500,000<\/strong>, the company is ready to pay for a chain of persistent zero-click exploits for Android, and $2,000,000<\/strong> for the iOS equivalent of such an attack.<\/p>\n

Researchers at Digital Shadows say they have seen some hackers negotiate exploits for zero-day vulnerabilities at a cost of $10,000,000<\/strong>. Moreover, not only “government hackers”, but also by other cybercriminals, especially ransomware operators, can afford such deals.<\/p>\n

However, this type of transactions are not easy and can be time-consuming. In this case, the developers of the exploit may lose the chance to make money, because if their competitors can offer their own version of the exploit and reduce the price. Digital Shadows writes that for this reason cybercriminals are actively discussing an “exploit as a service” scheme that would allow developers to lease such exploits to several parties at once.<\/p>\n

In addition, using such a model, tenants will be able to test the proposed 0-day and then decide whether to buy the exploit on exclusive or non-exclusive terms.experts say.<\/a><\/span><\/div><\/div>\n

As part of the report, experts from Digital Shadows divided the criminals into several groups, noting that there may be serious intersections between them.<\/p>\n