Researchers investigating how attackers continue to exploit organizations’ weaknesses have reported that cybercriminals’ strategies may expand to include an Exploit-as-a-Service business model. The Digital Shadows Photon Research Team collected evidence from cybercriminal markets and forums to better understand how vulnerabilities are bought and sold. They report some high-profile criminal groups, such as ransomware gangs, have amassed enough funds to compete with traditional buyers of zero-days — an expensive and competitive market, researchers note. Their investigation revealed criminals discussing ideas for an Exploit-as-a-Service model that would “inevitably lower the barrier” for accessing these sophisticated exploits, the team wrote in a blog post. “This model would allow capable threat actors to ‘lease’ zero-day exploits to other cybercriminals to conduct their attacks,” the report states. The benefit goes both ways: A developer can earn high profits when selling a zero-day exploit; however, it takes a lot of time to finalize a sale. This model would let developers generate even more earnings by renting out their exploits while waiting on a buyer. “Additionally, renting parties could test the proposed zero-day and later decide whether to purchase the exploit on an exclusive or non-exclusive basis,” researchers noted.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased