Almost half of all exploits that are in greatest demand are for vulnerabilities that are at least three years old
Each month, Microsoft releases updates to its software that fix security issues. Nevertheless, according to a new study by the information security company Trend Micro, exploits for vulnerabilities that were fixed even several years ago are still being advertised on hacker forums. Vendors adjust prices according to market demand and combine several old exploits together to maximize profits.
Almost half of all exploits for which there is the greatest demand on the black market target vulnerabilities that are at least three years old. Demand for exploits is also driven by the popularity of the software: 47% of all exploits requested on forums are for vulnerabilities in Microsoft products.
The data shows that vulnerabilities in popular software are a cash cow for criminals whenever corporate, private or government users fail to update their software.
The results of the study are especially relevant against the backdrop of a strong shake-up on hacker forums following the ransomware attack on the fuel giant Colonial Pipeline. For example, one of the most popular Russian-language forums, XSS, announced that it would ban the sale of ransomware after the incident, although it is not known how long the ban will last. There are, however, other market forces shaping underground forums, according to Trend Micro. Some sellers rely on their reputation in the market for high-end exploits and make only a few sales per year, but those sales cost up to half a million dollars each. Other sellers, in turn, rely on bargain hunters willing to shell out more than a hundred dollars.
“Patching yesterday’s popular vulnerability may be more important than patching today,” Mayra Rosario Fuentes, a senior threat researcher at Trend Micro, said at the RSA conference on Monday 18 May. During her presentation at RSA, Fuentes announced the study, which Trend Micro will publish in July.