Hackers spend millions on 0-day exploits on cybercrime forums.
A hacker named integra deposited 26.99 bitcoins on a cybercrime forum, claiming that the deposit was used to buy 0-day exploits from forum members.
Figure 1 is what the hacker posted on the forum:
The hacker joined the forum in September 2012 and gained a relatively high reputation for a while. In addition, the hacker registered an account on another cybercrime forum in October 2012.
Figure 2 shows what the hacker posted on a cybercrime forum:
The exploits and malware that need to be acquired include:
Remote access Trojans not flagged as malware by any security product;
Techniques that take advantage of Start menu methods in Windows 10, such as malware and registry bypass techniques. The hacker is willing to offer a $150,000 reward for such remote solutions;
0-day exploits for remote code execution and local privilege escalation. The hacker said the budget for the exploit was about $3 million.
Zero-day vulnerabilities allow hackers to exploit security blind spots. The huge sums the hackers paid to buy exploits show how much the hacker group cares about the use cases for these exploits.
The researchers recommend that enterprises apply known security updates and conduct timely security audits.