For Sale - Dark Web Exploits
Updating and patching to protect against vulnerabilities as soon as they become known is vital but it's not just Zero-Day exploits that security teams need to worry about. For cyber criminals, buying a proven exploit off the shelf on the Dark Web has the advantage of something known to be effective, where all the hard work has already been done for the buyer.
Indeed, researchers at Trend Micro have found that 22% of exploits for sale in underground forums are more than three years old, emphasising the importance that organisations should place on patching vulnerabilities that pose the greatest risk to their organisation, not just the latest ones.
A new report from Trend Micro reveals a decline in the market for Zero-Day exploits over the past two years, driven in part by the rise of Access-as-a-Service, the new force in the exploit market. Access-as-a-Service has the advantages of an exploit, but all the hard work has already been done for the buyer, with underground prices starting at $1,000.
The lifespan of a vulnerability or exploit does not depend on when a patch becomes available to stop it. In fact, older exploits are cheaper and may therefore be more popular with criminals shopping in underground forums. Virtual patching remains the best way to mitigate the risks of known and unknown threats to your organisation.
The report reveals several risks of legacy exploits and vulnerabilities, including:
- The oldest exploit sold in the underground was for CVE-2012-0158, a Microsoft RCE.
- CVE-2016-5195, known as the Dirty Cow exploit, is still ongoing after five years.
- In 2020, WannaCry was still the most detected malware family in the wild, and there were over 700,000 devices worldwide vulnerable as of March 2021.
- 47% of cyber criminals looked to target Microsoft products in the past two years.
These trends are combining to create greater risk for organizations. With nearly 50 new CVEs released per day in 2020, the pressure on security teams to prioritize and deploy timely patches has never been greater, and it’s showing.
Today, the time to patch averages nearly 51 days for organizations patching a new vulnerability. To cover that gap in security protection, virtual patching is key. It is based on intrusion prevention technology and offers a hassle-free way to shield vulnerable or end-of-life systems from known and unknown threats indefinitely. Applying all available vulnerability patches can be a nearly impossible task for any organisation. It is simply unrealistic for organisations to have their systems be completely invulnerable. Virtual patching is one way for organisations to buy additional time needed for security teams to implement the necessary updates, making it a crucial aspect of patch management.
While several patch prioritisation approaches exist for vulnerability management, organisations should factor into the equation the exploits that cyber criminals actually wish to use and can purchase, rather than simply patching vulnerabilities based on severity.
Since vendors and manufacturers need time to come up with and deploy the necessary patches and upgrades upon the disclosure of a vulnerability, these temporary fixes give them time for permanent solutions. They also help organisations avoid unnecessary downtime by letting them implement patches at their own pace. This is especially important when it comes to zero-day vulnerabilities, since virtual patches protect systems and networks by serving as an additional security layer against both known and unknown exploits.
Trend Micro's researchers saw the price of an exploit continually drop over time until it eventually fell to zero, making the exploit progressively more accessible to more cyber criminals as time passed and allowing more malicious actors to incorporate the exploit for the vulnerability into their cyber criminal business models.
A valuable exploit lasts longer than you might reasonably expect, and this is vital information for anyone who manages their organisation’s patch management program, since addressing yesterday’s popular vulnerability can often be more important than addressing today’s critical one.