Some criminals package exploits into bundles to sell on cybercriminal forums years after they were zero days, while others say bounties aren’t enough .
Eavesdropping on the chatter of 600+ cybercriminal forums shows that cybercriminals have specific preferences, shown by the flavors of exploits they requisition, and that the bug bounty programs either are too slow, don’t pay enough or are just the start of profit-making.
A year-long study into the underground market for exploits in cybercriminal forums demonstrates that crooks are salivating for Microsoft bugs, which are far and away the most requested and most sold exploits, but that exploits can be valuable for years past their zero days, meaning that patching is still high-priority for high-priority vulnerabilities.
Mayra Fuentes is a senior threat researcher with Trend Micro who’s currently focused on underground cybercriminal forums, gaming, IoT botnets, the Middle East underground and illicit online activity. At this year’s all-virtual RSA Conference, she gave a presentation titled Tales from the Underground: a detailed dive into underground cybercriminal forums, showing who’s buying, what they’re paying, who’s selling, how the prices fall over time, how exploits stay valuable up to years and what motivations these threat actors cite when it comes to skipping legal disclosure.
Myra came onto the Threatpost podcast to discuss the people who are buying and selling these exploits and why.
Download our exclusive FREE Threatpost Insider eBook, “2021: The Evolution of Ransomware,” to help hone your cyber-defense strategies against this growing scourge. We go beyond the status quo to uncover what’s next for ransomware and the related emerging risks. Get the whole story and DOWNLOAD the eBook now – on us!