Kaspersky Finds 547 Exploit Software Sale And Purchase Ads On Dark Web

Dark web illustration (photo: Kaspersky)

JAKARTA - In the period January 2023 to September 2024, Kaspersky Digital Footprint Intelligence experts identified 547 export buying and selling ads targeting software vulnerabilities.

Exploit is a tool used by cybercriminals to take advantage of vulnerabilities in various software programs, to carry out illegal activities, such as obtaining unauthorized access or data theft.

These tools allow cybercriminals to carry out attacks, which can be equivalent to huge profits for them, such as the theft of company information or spying on an organization undetected, said Anna Pavlovskaya, Senior Analyst at Kaspersky Digital Footprint Intelligence.

Based on Kaspersky's findings, the advertisements were uploaded on various dark web forums and shadow Telegram channels, with 51 percent containing bids or efforts to purchase exploits for zero-day or one-day vulnerabilities.

The zero-day exploit targets a vulnerability not yet found that has not been identified and patched by the software vendor, while the one-day exploit is focused on systems that have not installed patches.

In addition, Kaspersky also found that, on average, the cost of exploits for remote code execution vulnerabilities ranged from US$100,000 or around Rp1.5 billion.

"However, some exposure offers on the dark web may be fake or incomplete, which means they don't work as advertised," Anna explained further.

To ward off threats related to vulnerabilities and exploits, the following steps can be effectively exploited: