Nov 18, 2021
81 Views
0 0

Threat actors offer millions for zero-days, developers talk of exploit-as-a-service

Written by

Windows 10 21H2 is released, here are the new features
New Rowhammer technique bypasses existing DDR4 memory defenses
WordPress sites are being hacked in fake ransomware attacks
Emotet malware is back and rebuilding its botnet via TrickBot
Most SS7 exploit service providers on dark web are scammers
Russian ransomware gangs start collaborating with Chinese hackers
TikTok phishing threatens to delete influencers’ accounts
Victims of $2 billion BitConnect fraud to get back $57 million
Qualys BrowserCheck
STOPDecrypter
AuroraDecrypter
FilesLockerDecrypter
AdwCleaner
ComboFix
RKill
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Toksearches.xyz Search Redirect
Remove the Smashapps.net Search Redirect
Remove the Smashappsearch.com Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
eLearning
IT Certification Courses
Gear + Gadgets
Security
Threat actors offer millions for zero-days, developers talk of exploit-as-a-service
While mostly hidden in private conversations, details sometimes emerge about the parallel economy of vulnerability exploits on underground forums, revealing just how fat of a wallet some threat actors have.
Some adversaries claim multi-million U.S. dollar budgets for acquiring zero-day exploits but those that don’t have this kind of money may still have a chance to use zero-days if a new ‘exploit-as-a-service’ idea becomes reality.
The dialog about vulnerabilities, both old and new, on cybercriminal communities sometimes includes offers to buy exploits for big money.
One forum user in early May offered $25,000 for proof-of-concept (PoC) exploit code for CVE-2021-22893, a critical-severity vulnerability in Pulse Secure VPN that had been leveraged by Chinese hackers since at least April.
Threat actor offering $25,000 for CVE-2021-22893 PoC
Another actor with deeper pockets claimed a budget of up to $3 million for no-interaction remote code execution (RCE) bugs, the so-called zero-click exploits, for Windows 10 and Linux.
The same user offered up to $150,000 for original solutions for “unused startup methods in Windows 10” so malware would be active every time the system booted.
Threat actor claiming $3 million budget for zero-day exploits
By comparison, exploit acquisition company Zerodium offers up to $1 million for a zero-click RCE in Windows 10. The highest payout from the broker is up to $2.5 million for a zero-click full-chain persistence in Android, followed by $2 million for the iOS equivalent.
The posts were captured by researchers at risk protection company Digital Shadows, who looked at threat actors’ activity to take advantage of security weaknesses.
During the investigation, they observed some actors engaged in talks about zero-day prices as high as $10 million.
The researchers note that such prices are no longer restricted to nation-state hackers and that cybercriminals, particularly ransomware groups, can also afford them.
Completing a big sale, though, is not easy and may take a long time. If it takes too long, developers may lose the chance to make big money because competitors may come up with an exploit variant, dragging down the price.
For this reason, cybercriminals are now discussing an “exploit-as-a-service” solution that would allow exploit developers to rent out a zero-day exploit to multiple parties.
This alternative could generate huge profits to zero-day exploit developers, while they wait for a definitive buyer, the researchers say.
“Additionally, with this model, renting parties could test the proposed zero-day and later decide whether to purchase the exploit on an exclusive or non-exclusive basis” – Digital Shadows
Just like in the case of malware-as-as-service, renting out the exploits would let less-skilled adversaries deploy more complex attacks and hit more valuable targets.
The report from Digital Shadows highlights that adversaries, financially motivated cybercriminals or state-sponsored hackers, are quick to integrate new attack methods and are constantly looking for new exploit code.
“This scene is bursting with a variety of widespread actors who boast a whole range of technical expertise and motives” – Digital Shadows
Users of various skill levels share knowledge and tools to improve their attacks and build stronger relationships that could prove lucrative in the longer run.
Some users stand out in these communities because of the dialog they generate either on the public or private face of the forum on vulnerability exploitation.
Digital Shadows researchers categorized some of them, admitting that “there can be major crossover” between them:
Threat actor communities are highly active and deeply connected to the infosec technical literature, striving to come up with new attack methods that would give them access to bigger targets.
They are not necessarily looking for new vulnerabilities, although these are the most coveted, but also explore older bugs that did not receive enough attention and could be exploited.
Sitecore XP RCE flaw patched last month now actively exploited
Over 30,000 GitLab servers still unpatched against critical bug
Hacking group also used an IE zero-day against security researchers
All Windows versions impacted by new LPE zero-day vulnerability
Emergency Google Chrome update fixes zero-days used in attacks
Not a member yet? Register Now
New Microsoft emergency updates fix Windows Server auth issues
High severity BIOS flaws affect numerous Intel processors
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.

source

Article Categories:
Cybersecurity News

Comments are closed.