Security News > 2021 > November > Threat actors offer millions for zero-days, developers talk of exploit-as-a-service
While mostly hidden in private conversations, details sometimes emerge about the parallel economy of vulnerability exploits on underground forums, revealing just how fat of a wallet some threat actors have.
If it takes too long, developers may lose the chance to make big money because competitors may come up with an exploit variant, dragging down the price.
For this reason, cybercriminals are now discussing an "Exploit-as-a-service" solution that would allow exploit developers to rent out a zero-day exploit to multiple parties.
High-rollers: threat actors that sell and buy zero-day exploits for prices starting from $1,000,000, with wallets that may be sponsored by a nation-state or successful entrepreneurs.
General merchants: sellers that trade less-critical vulnerabilities, exploit kits, and databases with info of companies with unpatched vulnerabilities.
Code communicators: actors that share and advertise PoC exploit code on GitHub.
News URL
Related news
- Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671) (source)
- PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers (source)
- QNAP QTS zero-day in Share feature gets public RCE exploit (source)
- Update Chrome Browser Now: 4th Zero-Day Exploit Discovered in May 2024 (source)
- Week in review: Google fixes yet another Chrome zero-day exploit, YouTube as a cybercrime channel (source)
- Zero-Day Exploits Cheat Sheet: Definition, Examples & How It Works (source)