SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers

Dark web sees surge in pricey software exploit listings

Yesterday

Between January 2023 and September 2024, Kaspersky identified 547 listings on the dark web related to the trade of software vulnerability exploits.

These listings are reportedly found on various dark web forums and shadow Telegram channels, with a significant portion, approximately 50%, targeting zero-day and one-day vulnerabilities. Kaspersky noted that the average cost for remote code execution (RCE) vulnerability exploits reached USD $100,000.

Exploits are tools cybercriminals use to take advantage of software vulnerabilities, such as those in Microsoft products, to conduct illicit operations including unauthorised access or data theft. More than half of the posts on the dark web were aimed at zero-day or one-day vulnerabilities. Zero-day vulnerabilities are those not yet identified and patched by software vendors, while one-day vulnerabilities are those that have a patch available but remain exploitable on systems lacking the necessary updates.

Anna Pavlovskaya, Senior Analyst at Kaspersky Digital Footprint Intelligence, stated, "Exploits can target any program, but the most desirable and expensive ones often focus on enterprise-level software. These tools enable cybercriminals to carry out attacks, which equate to substantial gains for them, such as stealing corporate information or spying on an organisation undetected. However, some exploit offers on the dark web may be fake or incomplete, meaning they don't function as advertised. Additionally, a significant portion of transactions are likely to occur in private. These two factors complicate the assessment of the actual market volume for functional exploits."

There was a notable increase in exploit sales activity in May, marking the peak of the analysed period with 50 posts, compared to an average of 26 per month. Pavlovskaya added, "Peaks in the exploit market's activity are unpredictable and hard to link to specific events. Interestingly, in May, the dark web witnessed the sale of one of the most expensive exploits during the analysed period – allegedly, for a Microsoft Outlook zero-day vulnerability priced at nearly two million US dollars. Overall, the exploit market remains stable; while activity fluctuates, the threat is always present. This highlights the need for cybersecurity hygiene practices, such as the regular patching and monitoring of digital assets on the dark web."

Two prevalent types of exploits on the dark web are for remote code execution and local privilege escalation (LPE) vulnerabilities. RCE exploits are sold for approximately USD $100,000 on average, while LPE exploits are priced at around USD $60,000. RCE vulnerabilities pose a higher risk as they enable remote takeover of systems or access to private data.

To combat threats from vulnerabilities and exploits, Kaspersky recommends using their Digital Footprint Intelligence to monitor the dark web for related threats. Organisations are encouraged to employ the Kaspersky Next product line, which offers real-time protection, threat visibility, investigation, and response capabilities suitable for enterprises of all sizes. Regular security assessments are advised to discover and rectify vulnerabilities before they are exploited by attackers.
