Wednesday, August 10, 2016

Which vulnerabilities can be adquired in the Dark Web?

The evolution of 0-day follows random patterns and depends on a number of factors. Moreover, detecting those exploits at an early stage can help organizations to minimize impact of them.
For that reason we are taking on board the investigation runed by several researchers from Arizona State University, called "Darknet and Deepnet Mining for Proactive Cybersecurity Threat Intelligence" (EN/PDF). During four weeks they have been scraping 27 of the Dark Web key markets in order to find relationships between these markets and the proliferation of 0-days in future cyber attacks.

During this time it has been found 21 discussions related with this kind of attacks and up to 16 zero-days being sold to the highest bidder. In fact, one of them made use of one vulnerability already known by WebView (on of the components that allows an Android App to show content of a web wrapped in the same app) that affected all Android  with versions 4.3 and before, figures that represented the 60% of the total of Android devices in circulation.

The prices to undertake this exploit will range during the next days, but the opening bid started with 40 Bitcoin, which is about 24,000 dollars.

As said, this kind of researches are really interesting to understand the 0-days broadcast stream from their discovery, generally thanks to an element of the cybercrime chain, passing through the sale and finishing in their market exploitation.

If companies were able to establish an automated monitoring in this king of forums they could, where possible, second-guess criminals: patching, updating or replacing major vulnerabilities systems, even before the attack.

To conclude, we need to play a more proactive role against cybercrime attacking its major weakness: the exhibition needed to sell 0-day. It happens in the early stages so it could be used as a defense in future attacks.

 It is also noteworthy the Oracle`s MICROS presummed hacking, the payment system of the most TPVs of the market, and the development of Quadrooter, a new Android vulnerability in over 900 million devices.


Post a Comment