Cybercriminals discuss new business model for zero-day exploits – TechTarget
A new business model for threat actors may level the playing field among cybercriminals and pose more trouble for enterprise security teams.
While gathering vulnerability intelligence on dark web forums, Digital Shadows researchers observed discussions about the emergence of exploit as a service, which would “inevitably lower the barrier for accessing sophisticated exploits.” In this scenario, rather than selling a zero-day exploit to a single threat actor, the developer would rent it out to as many people as possible, in a controlled way, so as not to burn it.
Over the past few months, Digital Shadows researchers have been monitoring these discussions, which have been gaining attention and responses from a variety of users. The threat intelligence vendor released findings in a blog post and research paper this week. Stefano De Blasi, cyber threat analyst at Digital Shadows, told SearchSecurity they have observed a sort of cooperation within the cybercrime ecosystem.
The potential new service is a product of the highly profitable zero-day market, where researchers have seen multimillion-dollar price tags for exploits. For De Blasi, it’s another sign of the “lowering of the professionalization and sophistication needed to conduct certain attacks.” 
“Traditionally, zero-days have always been a prerogative of state-sponsored actors because, of course, they were the ones with the most financial and technical resources. But in the last few years, the professionalization and sophistication of cybercrime has also led cybercriminal groups to compete with state-sponsored actors for buying these zero-days,” De Blasi said.
However, from a developer perspective, De Blasi said the current business model is not always viable.
Though there are legitimate, legal ways to purchase exploits, Digital Shadows’ research focuses on the illegal marketplace. In that market, when a malware developer discovers a zero-day vulnerability and creates a tool for it, they will try to auction it on a cybercriminal forum, according to De Blasi. While prices can reach several million dollars, that is not always the case, and there is not always an immediate buyer. That’s where an exploit-as-a-service model comes in.
“In this way, [developers] can try and monetize that zero-day before they sell it entirely to someone else — or before the zero-day is discovered by security researchers, for example, and it’s patched and they just lose all the potential money they could have made,” De Blasi said.
It also benefits the cybercriminals who, according to the research blog, “could test the proposed zero day and later decide whether to purchase the exploit on an exclusive or non-exclusive basis.”
Though the business model has potential for both parties, it also poses risks, such as multiple actors using the same zero-day. As soon as the zero-day is detected and it is clear someone is exploiting it, De Blasi said, it will lose its zero-day status and much of its value.
One possible solution he proposed was coordinating a series of attacks among all the parties renting the zero-day, so as to get the most out of it while it is still unknown. It could work, De Blasi said, if the attackers renting the exploit are sophisticated enough to obfuscate their traces and conduct cyberespionage campaigns, for example, rather than ransomware attacks, which may draw more attention.
“On the other hand, I think personally what is going to happen is that this exploits-as-a-service model will develop not as much with zero-days, but maybe with just-discovered vulnerabilities but ones that aren’t broadly patched. So they will create some custom exploits and try to rent those ones instead of zero-days, because those are quite complicated,” De Blasi said.
Cybercriminals are also addressing the complications of the new business model. According to De Blasi’s research, the discussions are “active and ongoing every day” as participants try to solve the problem of maximizing revenue before zero-day exploits are detected and patched.
If this model takes off, De Blasi said, it could cause serious issues for enterprise security teams, who could face more zero-day threats. It could also take advantage of unpatched vulnerabilities, already a main concern for enterprises because many are slow to patch.
“It will provide a lot of different actors with the capability needed to conduct some serious cyber attacks,” De Blasi said.
All Rights Reserved, Copyright 2000 – 2021, TechTarget