Cybercriminals are now interested in buying zero-day vulnerabilities

December 13, 2021

Cybercriminals are now eyeing zero-day vulnerabilities as they look for new vectors to launch cyberattacks, because a zero-day lets them exploit whatever flaws they can get their hands on. However, purchasing zero-day vulnerabilities can be quite pricey, since owning one can also generate massive profit for threat actors.

If cybersecurity researchers have not yet uncovered a flaw, cybercriminals can exploit it to its full potential and execute attacks without experts' knowledge. Victims will also be unable to mitigate the attack or apply security updates immediately.

The same thing happened when the Microsoft Exchange vulnerabilities were disclosed this year, as cybercriminals quickly took advantage of the flaws before security patches were launched.

Nation-state hackers are the usual exploiters of zero-day vulnerabilities, yet researchers found that other cybercriminals have also become interested in purchasing them on the black market.

According to researchers, the market for zero-day flaws is extremely expensive and competitive among all types of threat actors. Usually, it is the preserve of state-backed groups. Now, other high-profile cybercriminals, such as ransomware groups that have acquired massive wealth over the past years, have become interested in competing to buy zero-day vulnerabilities.

States can legally obtain zero-day vulnerabilities from firms that manufacture these tools, but if cybercriminals develop them outside of the law, it will be easy to recognise a client from the cybercrime landscape. Nonetheless, only a few cybercriminals could afford the market price of zero-day flaws, which can reach up to millions of dollars. If their ransomware attacks succeed, the price could be worth it.

Another way cybercriminals can profit from the flaws is by leasing them to fellow threat actors, a model called exploit-as-a-service. Under it, the owner of the flaw lets others rent it and makes money from it faster.

Zero-day vulnerability developers still prefer selling the tools to state-backed groups. Still, the fact that other threat groups have taken an interest in competing to buy them shows that the cybercrime landscape is continuously evolving and that some groups are willing to operate on a level with state-backed operations.

An expert explained that the growth of the exploit-as-a-service business model reveals the steady development of the cybercrime landscape's sophistication and professionalisation.
