If you’ve ever wondered how much a zero-day exploit costs, you’re in luck, because right now there is an offer on the Dark Web.
A zero-day exploit is a vulnerability that is not known or has had a chance to be patched by the creator of the original software. Being relatively unknown, it is possible to take advantage of it to create malware, or to hack third-party devices and systems.
Since these vulnerabilities are normally closed when made public, a zero-day exploit is very valuable to hackers. It’s like an unlocked door that you’ve only found, before the homeowner knows.
This is the black market for exploits
But how valuable can a zero-day exploit be? The truth is that it is difficult to find out, since normally it is not something that one announces to the four winds.
There’s a whole business built around finding exploits and selling them to the highest bidder, but usually these sales are made privately using intermediaries, brokers that unite hackers who find vulnerabilities and those who need them for their purposes.
What goals are those? Customers are the ones you can imagine, from companies that want to do industrial espionage to discover what your competitors are preparing, up to governments that want to get a ready arsenal to be used against your enemies.
Of course, these transactions are subject to nondisclosure agreements, and many times the hacker himself does not know who he is selling the exploit to thanks to intermediaries. Therefore, keeping track of these deals is extremely difficult, and the details rarely come to light.
How much does a zero-day exploit cost?
So when the semi-public auction of an exploit occurs it is a good time to take a look and see how the black market is doing. This very special case has occurred on the Dark Web, accessible using TOR; therefore, anyone can enter and participate using the appropriate tools, although for the moment TOR is still a network little used by most.
According to the security firm Trustwave, the winner of this auction will take an exploit that works on all versions of Windows from XP. The bug affects awin32k.sys, a Windows kernel driver that has been the source of several exploits that allow privilege escalation.
Therefore, the auctioned exploit will not allow us to access the machine we want or install malware, we will have to do this work on our own or hire a hacker on the Dark Web. What we will buy be exploit source code, and we will receive technical service from the hacker to integrate the exploit into our malware.
The exploit that will make life much easier, since we can skip the controls that Windows has to prevent unwanted software from running, such as the sandbox, the sandbox in which applications run without affecting the system.
But, as the auction hunters say, all that is very good, but and the price? Well, the creator of the exploit initially pedaled $ 95,000, but then lowered the price to $ 90,000. According to Trustwave experts, that price falls within what is usually seen in private transactions, it is a realistic price, although perhaps somewhat expensive.
However, if the exploit really works, a lot of people would be able to recover that money more than attacking the correct machine. Those, The more an exploit is used, the less efficient it will be, since the security managers of Microsoft will find out sooner or later of its existence and will launch a patch that removes it. This is the life cycle for exploits.