Approximately 305 new cyber threats are added each week to cybercrime markets and forums, most of them hosted on the dark web.
The threats include information on newly developed malware and exploits that have not yet been deployed in a cyber-attack – information that could be very useful for cyber defenders.
The discovery was made by Arizona State University researchers, who have developed and deployed a system for cyber threat intelligence gathering and used it on 27 marketplaces and 21 hacking forums.
The group, some of whose members recently published a separate investigation of the offerings on 17 underground hacker markets, also noted that, over a four-week period, 16 exploits for zero-day vulnerabilities had been offered for sale.
Among these were an exploit for a remote code execution (RCE) flaw in Internet Explorer 11, priced at a little over 20 BTC, and one for an RCE flaw in Android WebView, priced at nearly 41 BTC.
“The Android WebView zero-day affects a vulnerability in the rendering of web pages in Android devices. It affects devices running on Android 4.3 Jelly Bean or earlier versions of the operating system. This comprised more than 60% of the Android devices in 2015,” they explained.
“After the original posting of this zero-day, a patch was released in Android KitKat 4.4 and Lollipop 5.0 which required devices to upgrade their operating system. As not all users have/will update to the new operating system, the exploit continues to be sold for a high price. Detection of these zero-day exploits at an earlier stage can help organizations avoid an attack on their system or minimize the damage. For instance, in this case, an organization may decide to prioritize patching, updating, or replacing certain systems using the Android operating system.”
Not to mention that vendors whose software is evidently vulnerable could work on a patch, or at least on temporary mitigations, to reduce the risk of these exploits being used against their users.
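The patch-prioritization decision the researchers describe is, in practice, a join between marketplace listings and an asset inventory. The following is an added example, not code from the ASU researchers' system or from the article: it matches constructed exploit listings (the Android WebView figures follow the article, the Internet Explorer listing has no fix version recorded) against a constructed inventory and ranks exposed hosts by the asking price, using price as a rough stand-in for attacker demand. The host names, the `Listing`/`Asset` records and the price heuristic are all assumptions made for illustration.

```python
"""Toy triage of dark-web exploit listings against an asset inventory.

Added example. Listing records, hosts and the price-as-priority heuristic
are constructed for illustration and do not come from the article.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


def parse_version(s: str) -> Tuple[int, ...]:
    """'4.3' -> (4, 3). Tuple comparison orders '4.4' above '4.3.1'."""
    return tuple(int(p) for p in s.split("."))


@dataclass(frozen=True)
class Listing:
    product: str
    max_affected: str          # highest version the seller claims is affected
    price_btc: float
    fixed_in: Optional[str]    # first version carrying a fix, None if unknown


@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: str


# Constructed sample data. WebView: affects <= 4.3, fixed in 4.4, ~41 BTC
# (per the article); the IE 11 listing is priced at ~20 BTC with no fix
# version recorded. Host names are invented.
LISTINGS = [
    Listing("Android WebView", "4.3", 41.0, "4.4"),
    Listing("Internet Explorer", "11", 20.0, None),
]
ASSETS = [
    Asset("kiosk-01", "Android WebView", "4.1.2"),
    Asset("kiosk-02", "Android WebView", "4.4"),
    Asset("tablet-07", "Android WebView", "5.0"),
    Asset("ws-12", "Internet Explorer", "11"),
]


def exposed(asset: Asset, listing: Listing) -> bool:
    """True if the asset runs a version the listing claims to hit and
    has not reached the version that carries the fix."""
    if asset.product != listing.product:
        return False
    v = parse_version(asset.version)
    if v > parse_version(listing.max_affected):
        return False
    if listing.fixed_in and v >= parse_version(listing.fixed_in):
        return False
    return True


def triage(assets: List[Asset], listings: List[Listing]):
    """Return (host, product, price_btc, action) rows, highest price first.

    Price is used as a crude proxy for attacker demand (an assumption);
    a real pipeline would also weigh asset criticality and exposure.
    """
    rows = []
    for a in assets:
        for l in listings:
            if exposed(a, l):
                action = (f"upgrade to {l.fixed_in}" if l.fixed_in
                          else "no fix known; isolate or replace")
                rows.append((a.host, l.product, l.price_btc, action))
    rows.sort(key=lambda r: r[2], reverse=True)
    return rows


if __name__ == "__main__":
    for host, product, price, action in triage(ASSETS, LISTINGS):
        print(f"{host:10} {product:20} {price:5.1f} BTC  {action}")
```

Hosts already on the fixed release (kiosk-02 on 4.4, tablet-07 on 5.0) drop out, while the 4.1.2 kiosk and the IE 11 workstation remain, with the higher-priced WebView exploit ranked first.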
The researchers’ system has also shown some promise when it comes to mapping the underlying social network of vendors.
The group is currently in the process of transitioning the system to a commercial partner, but the database they created by using it has been made available to security professionals, to help them identify emerging cyber threats and capabilities.