Half of exploits for sale on the dark web target unpatched zero-day vulnerabilities

From January 2023 to September 2024, Kaspersky Digital Footprint Intelligence experts discovered 547 ads for buying and selling exploit tools. The ads were posted on various dark web forums and anonymous channels on the Telegram app...

About half of these listings target zero-day and one-day exploits. However, the underground market is rife with scams, so it's difficult to verify whether the tools being sold are actually usable.

Additionally, Kaspersky also recorded the average price of buying and selling exploits for remote attacks as high as $100,000.

Exploit is a tool that cybercriminals use to exploit software vulnerabilities, such as Microsoft software, to perform illegal acts such as unauthorized access or data theft.

More than half of dark web postings (51%) offer to sell or buy exploits targeting zero-day or one-day vulnerabilities.

Zero-day exploits target vulnerabilities that have not yet been discovered and fixed by the software vendor, while one-day exploits target vulnerabilities that have been discovered and fixed, but the system does not have the patch update installed.

“Cybercriminals can use exploits to steal corporate information or spy on an organization without being detected to achieve their goals,” said Anna Pavlovskaya, senior analyst at Kaspersky Digital Footprint Intelligence. “However, some exploits sold on the dark web may be fake or incomplete, and may not work as advertised. Furthermore, most transactions take place underground. These two factors make it extremely difficult to assess the true size of this market.”

KIM THANH