A system created by a group of ten Arizona State University researchers can automatically scan and detect whether hacking-related products are added to online marketplaces operating on the deep web and hacking forums, according to reports.
The researchers carried out a study using the system and found that crooks added as many as 16 zero-day exploits to online marketplaces on the deep web in a month.
They analyzed data collected from 21 hacking forums and 27 deep web marketplaces.
They designed a system that automatically scrapes and monitors these sites and uses 25 percent human input to train a machine-learning algorithm that categorizes the data gathered from the sites.
Through their system, the researchers were able to gather interesting information about several hacking tools that were added to the marketplaces, the overall trends as far as exploits are concerned and the presence of the most active users in these marketplaces.
Each Week As Many As 305 New Cyber-threats are Created
Cybercriminals added as many as 16 zero-day exploits to deep web marketplaces during a one-month period, according to their study.
Zero-day exploits are different from zero-day vulnerabilities.
This is because a zero-day vulnerability can have multiple exploits.
It depends entirely on the person writing the actual malicious code that takes advantage of either a past or a present zero-day vulnerability.
For instance, the research team found that an RCE zero-day for Internet Explorer 11 was being sold for 20.4676 Bitcoins (approximately $12,000), and an RCE zero-day for Android WebView was being sold for 40.8956 Bitcoins (approximately $24,100).
Additionally, the system deployed by the researchers showed that crooks uploaded nearly 305 cyber-threats every week in the form of hacking tools, zero-day exploits or already-coded malware.
Study Carried Out After Microsoft Reported a Zero-day Incident In 2015
According to the researchers from Arizona State University, an event that occurred last year prompted them to conduct the research.
In February last year, Microsoft identified a vulnerability of critical nature in the Windows operating system.
This vulnerability enabled a hacker to target and remotely control any computer.
Different types of Windows systems designed for operating mobile computers and servers were affected.
The details related to this vulnerability spread among the hacker community quite quickly.
In April 2015, security experts found that an exploit based on this particular vulnerability was available for sale on a deep web marketplace for $15,000.
The first malware that made use of this vulnerability appeared in July last year.
The malware, referred to as the Dyre Banking Trojan, focused on infecting the computers of users around the world and stealing their credit card numbers.
The purpose of conducting the study by the Arizona State University researchers was to create a system that has the ability to watch the hacking ecosystems operating on the deep web and collect data.
The system then analyzes the gathered data not only to uncover new exploits but also to warn the researchers about them.
Following its successful use in the study, the system is being offered as a commercial product.
Prior to the study carried out by this group of ten researchers, another group from Arizona State University had classified data collected from 17 deep web marketplaces.
Their observation was that PayPal and carding accounts were most commonly available for sale on these sites.
When malware exploits a previously unknown vulnerability, the owners of the software are required to design a patch immediately, without any delay.
That is why such attacks are called “zero-day attacks.”
It is the primary goal of cybersecurity experts to discover zero-day exploits before they become malware.
If the system designed by the researchers is capable of spotting zero-day vulnerabilities before hackers develop them into malware products, software owners can develop patches quickly.
However, it will be interesting to watch how hackers change their behavior given the development of this system.