While mostly hidden in private conversations, details sometimes emerge about the parallel economy of vulnerability exploits on underground forums, revealing just how fat of a wallet some threat actors have.
Some adversaries claim multi-million U.S. dollar budgets for acquiring zero-day exploits but those that don’t have this kind of money may still have a chance to use zero-days if a new ‘exploit-as-a-service’ idea becomes reality.
One forum user in early May offered $25,000 for proof-of-concept (PoC) exploit code for CVE-2021-22893, a critical-severity vulnerability in Pulse Secure VPN that had been leveraged by Chinese hackers since at least April.
Another actor with deeper pockets claimed a budget of up to $3 million for no-interaction remote code execution (RCE) bugs, the so-called zero-click exploits, for Windows 10 and Linux.
The same user offered up to $150,000 for original solutions for “unused startup methods in Windows 10” so malware would be active every time the system booted.
Another actor with deeper pockets claimed a budget of up to $3 million for no-interaction remote code execution (RCE) bugs, the so-called zero-click exploits, for Windows 10 and Linux.
The same user offered up to $150,000 for original solutions for “unused startup methods in Windows 10” so malware would be active every time the system booted.
Users of various skill levels share knowledge and tools to improve their attacks and build stronger relationships that could prove lucrative in the longer run.
Some users stand out in these communities because of the dialog they generate either on the public or private face of the forum on vulnerability exploitation.
Researchers categorized some of them, admitting that “there can be major crossover” between them:
- High-rollers: threat actors that sell and buy zero-day exploits for prices starting from $1,000,000, with wallets that may be sponsored by a nation-state or successful entrepreneurs
- General merchants: sellers that trade less-critical vulnerabilities, exploit kits, and databases with info (name and IPs) of companies with unpatched vulnerabilities
- General buyers: individuals with technical skills that are interested in buying exploits but rarely have the funds to make a purchase; they usually wait for the prices to go down
- Code communicators: actors that share and advertise PoC exploit code on GitHub
- Show-offs: highly-technical forum members that discuss bugs, participate in competitions, and share some of their knowledge on performing an exploit
- Newbies: less-technical users that learn from more knowledgeable forum members’ they sometimes apply what they learn and share the info on other forums to earn more credit or just as a community service
- Newshounds: contributors that share articles and news about recently discovered vulnerabilities
Article attributed to Bleeping Computer
From The Shadows Comes Information