Ransomware groups are now rich enough to afford zero-day vulnerabilities

Cybercriminals continue to find new ways to launch attacks, and some are now willing to buy zero-day vulnerabilities, a practice typically associated with state-backed groups.

Knowledge about vulnerabilities and exploits can come at a high price in underground forums, as being able to take advantage of it can be very profitable for cybercriminals. This is even more true if it is a “zero-day” vulnerability that software vendors do not know about, because attackers know that potential victims will not have had the opportunity to apply security updates to protect themselves against it.

Zero-day vulnerabilities are generally used by state-backed attacker groups with significant resources. But an analysis by cybersecurity researchers at Digital Shadows shows that there is increasing discussion on dark web forums about the criminal market for zero-days.

Very expensive defects

“This extremely expensive and competitive market is generally the exclusive domain of state-backed malicious groups. However, some known cybercriminal groups have amassed considerable fortunes in recent years and are now able to compete with traditional buyers of zero-day exploits,” says Digital Shadows.

“States can legally buy zero-day exploits from companies that are exclusively dedicated to creating these tools,” Stefano De Blasi, a threat researcher at Digital Shadows, told ZDNet. “However, when these tools are developed by cybercriminals, it is probably easier for these illegal actors to access them; however, there are only a handful of gamers who could afford the cost of a zero-day exploit.”

Vulnerabilities like this can cost millions of dollars, but that price could be affordable for a successful ransomware group that makes millions from every successful ransomware attack. The buyer could easily recoup what they spend if the vulnerability works as intended by providing a reliable means of infiltrating networks.

Zero-day rental

But there is another method of making money from vulnerabilities that could put these vulnerabilities in the hands of less sophisticated cybercriminals: “exploit-as-a-service.”

Rather than directly selling the vulnerability, the cybercriminal who discovered it can rent it out to others. This way, they can start making money faster than if they had gone through the complex sales process, and they can continue to benefit from it for a long time. They also have the option to sell it at any time.

“This model allows zero-day developers to generate substantial profits by renting the zero-day pond while they wait for an end buyer. Furthermore, with this model, lessees can test the proposed zero-day and then decide whether to buy the exploit exclusively or non-exclusively,” the report says.

The cybercrime community is growing

Selling to state-backed hacker groups remains the preferred option for some zero-day developers for now, but the growing interest in such exploits on underground forums shows that some cybercriminal groups are breaking down.

The rise of the “exploit-as-a-service” business model confirms that the cybercrime community is constantly developing, both in terms of sophistication and professionalization. Some prominent criminal groups can now compete in terms of technical skills with state-backed actors. “Many leading ransomware groups, in particular, have accumulated sufficient financial resources to purchase zero-day tools,” says Stefano De Blasi.

Due to the nature of zero-day vulnerabilities, it is difficult to defend networks against them, but cybersecurity practices, such as applying critical security updates as soon as they are released, can prevent cybercriminals from gaining a long window to exploit vulnerabilities. Organizations should also have a plan of action if they discover that they have been the victim of an attack.

“Well-established and documented incident response strategies can be crucial in responding to any attacker who may have gained access to a target’s environment,” warns Stefano De Blasi.

