An exploit is a type of program, created to target a particular weakness - called a vulnerability - in a piece of software or hardware.
Cybercriminals use exploits to take advantage of vulnerabilities in software, such as Microsoft software, to carry out illegal acts such as unauthorized access or data theft.
Kaspersky researchers found 547 exploit listings in the first nine months of 2024. The listings were posted on dark web forums and anonymous channels on the Telegram app. About half of the listings targeted zero-day and one-day vulnerabilities. The average price for exploits for remote attacks was $100,000.
More than half of dark web postings (51%) offered to sell or purchase exploits targeting zero-day or one-day vulnerabilities. Zero-day exploits target vulnerabilities that have not yet been discovered and patched by the software vendor, while one-day exploits target vulnerabilities that have been discovered and patched, but where the patch has not yet been installed on the system.
“Exploits can target any program or software, but the most sought-after and expensive tools are often targeted at enterprise software,” said Anna Pavlovskaya, senior analyst at Kaspersky Digital Footprint Intelligence. “Cybercriminals can use exploits to steal corporate information or spy on an organization without being detected to achieve their goals.”
The dark web marketplace offers a wide variety of exploits. The two most common types are those targeting remote code execution (RCE) vulnerabilities and those targeting local privilege escalation (LPE) vulnerabilities.
According to an analysis of more than 20 advertisements, the average price of an exploit targeting an RCE vulnerability is around $100,000, while LPE exploits typically cost around $60,000. Exploits targeting RCE vulnerabilities are considered more dangerous because attackers can take control of part or all of a system or access secure data.
To proactively deal with threats related to vulnerabilities and exploits, cybersecurity experts recommend:
- Use tools to proactively monitor dark web markets and detect threats targeting corporate systems early.
- Use EDR and XDR solutions to increase real-time protection, detect, investigate and respond immediately…
- Regularly perform security assessments to identify and patch vulnerabilities before they can be exploited by attackers to launch cyber attacks.