Security News > 2021 > November > Threat actors offer millions for zero-days, developers talk of exploit-as-a-service
While mostly hidden in private conversations, details sometimes emerge about the parallel economy of vulnerability exploits on underground forums, revealing just how fat of a wallet some threat actors have.
If it takes too long, developers may lose the chance to make big money because competitors may come up with an exploit variant, dragging down the price.
For this reason, cybercriminals are now discussing an "Exploit-as-a-service" solution that would allow exploit developers to rent out a zero-day exploit to multiple parties.
High-rollers: threat actors that sell and buy zero-day exploits for prices starting from $1,000,000, with wallets that may be sponsored by a nation-state or successful entrepreneurs.
General merchants: sellers that trade less-critical vulnerabilities, exploit kits, and databases with info of companies with unpatched vulnerabilities.
Code communicators: actors that share and advertise PoC exploit code on GitHub.
News URL
Related news
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
- Cloudflare’s developer domains increasingly abused by threat actors (source)
- Mitel MiCollab zero-day flaw gets proof-of-concept exploit (source)
- Mitel MiCollab zero-day and PoC exploit unveiled (source)
- New Mirai botnet targets industrial routers with zero-day exploits (source)
- Zero-day exploits plague Ivanti Connect Secure appliances for second year running (source)