Exploit as a service: Difference between revisions
Carol Fenijn (talk | contribs) m ref fix |
Carol Fenijn (talk | contribs) m link fix |
||
Line 1: | Line 1: | ||
'''Exploit-as-a-service''' is a scheme of [[cybercriminal]]s whereby [[zero-day vulnerabilities]] are leased to [[hackers]].<ref>https://web.archive.org/web/20211123034031/https://portswigger.net/daily-swig/exploit-as-a-service-cybercriminals-exploring-potential-of-leasing-out-zero-day-vulnerabilities</ref><ref>https://web.archive.org/web/20211128180425/https://www.cybertalk.org/2021/11/17/exploit-as-a-service-high-rollers-and-zero-day-criminal-tactics/</ref> |
'''Exploit-as-a-service''' is a scheme of [[cybercriminal]]s whereby [[Zero-day (computing)|zero-day vulnerabilities]] are leased to [[hackers]].<ref>https://web.archive.org/web/20211123034031/https://portswigger.net/daily-swig/exploit-as-a-service-cybercriminals-exploring-potential-of-leasing-out-zero-day-vulnerabilities</ref><ref>https://web.archive.org/web/20211128180425/https://www.cybertalk.org/2021/11/17/exploit-as-a-service-high-rollers-and-zero-day-criminal-tactics/</ref> |
||
In the past, zero-day vulnerabilities were often sold on the [[Dark Web]], but this was usually at very high prices. A leasing model makes such vulnerabilities more affordable for many hackers.<ref>https://web.archive.org/web/20210811091611/https://whatis.techtarget.com/definition/hacking-as-a-service-HaaS</ref> Even if such zero-day vulnerabilities will ever be sold at high prices, they can be leased for some time.<ref>https://web.archive.org/web/20211123034031/https://portswigger.net/daily-swig/exploit-as-a-service-cybercriminals-exploring-potential-of-leasing-out-zero-day-vulnerabilities</ref> |
In the past, zero-day vulnerabilities were often sold on the [[Dark Web]], but this was usually at very high prices. A leasing model makes such vulnerabilities more affordable for many hackers.<ref>https://web.archive.org/web/20210811091611/https://whatis.techtarget.com/definition/hacking-as-a-service-HaaS</ref> Even if such zero-day vulnerabilities will ever be sold at high prices, they can be leased for some time.<ref>https://web.archive.org/web/20211123034031/https://portswigger.net/daily-swig/exploit-as-a-service-cybercriminals-exploring-potential-of-leasing-out-zero-day-vulnerabilities</ref> |
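Review bot: the lead sentence touched here and the second paragraph both cite the same archived PortSwigger URL through separate bare `<ref>` tags, so the Notes list carries that entry more than once. Define it once as a named reference (for example `<ref name="portswigger">`) and reuse it, and give each reference a title instead of a bare URL. The piped link `[[Zero-day (computing)|zero-day vulnerabilities]]` itself needs no change.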
Revision as of 11:01, 5 December 2021
Exploit-as-a-service is a scheme of cybercriminals whereby zero-day vulnerabilities are leased to hackers.[1][2]
In the past, zero-day vulnerabilities were often sold on the Dark Web, but usually at very high prices. A leasing model makes such vulnerabilities more affordable for many hackers.[3] Even if such zero-day vulnerabilities are eventually sold at high prices, they can be leased for some time beforehand.[4]
The scheme can be compared with similar schemes such as Ransomware-as-a-Service (RaaS), Phishing-as-a-Service and Hacking-as-a-Service (HaaS).[5][6] The latter includes services such as DoS and DDoS attacks, as well as botnets that are maintained for the hackers who use these services.
Parties who offer exploit-as-a-service need to address various challenges. Payment is usually made in cryptocurrencies such as Bitcoin. Zero-day vulnerabilities that are leased could be discovered, and the software used to exploit them could be reverse engineered.
It is as yet uncertain how profitable the exploit-as-a-service business model will be. If it turns out to be profitable, the number of threat actors offering this service will probably increase.[7]
See also
- Exploit (computer security)
- Computer security
- Computer virus
- Crimeware
- Exploit kit
- IT risk
- Metasploit
- Shellcode
- w3af
Notes
- ^ https://web.archive.org/web/20211123034031/https://portswigger.net/daily-swig/exploit-as-a-service-cybercriminals-exploring-potential-of-leasing-out-zero-day-vulnerabilities
- ^ https://web.archive.org/web/20211128180425/https://www.cybertalk.org/2021/11/17/exploit-as-a-service-high-rollers-and-zero-day-criminal-tactics/
- ^ https://web.archive.org/web/20210811091611/https://whatis.techtarget.com/definition/hacking-as-a-service-HaaS
- ^ https://web.archive.org/web/20211123034031/https://portswigger.net/daily-swig/exploit-as-a-service-cybercriminals-exploring-potential-of-leasing-out-zero-day-vulnerabilities
- ^ https://web.archive.org/web/20210811091611/https://whatis.techtarget.com/definition/hacking-as-a-service-HaaS Hacking as a Service as saved in the Internet Archive
- ^ https://web.archive.org/web/20211123034031/https://portswigger.net/daily-swig/exploit-as-a-service-cybercriminals-exploring-potential-of-leasing-out-zero-day-vulnerabilities
- ^ https://web.archive.org/web/20211123034031/https://portswigger.net/daily-swig/exploit-as-a-service-cybercriminals-exploring-potential-of-leasing-out-zero-day-vulnerabilities
External links
- Media related to Computer security exploits at Wikimedia Commons
- Exploit-as-a-service: Cybercriminals exploring potential of leasing out zero-day vulnerabilities as saved in the Internet Archive
- Exploit-as-a-Service, high rollers and zero-day criminal tactics as saved in the Internet Archive
- Hacking as a Service as saved in the Internet Archive