Exploit-as-a-service

Exploit as a service (EaaS) is a scheme in which cybercriminals lease zero-day vulnerabilities to hackers. EaaS is typically offered as a cloud service. By the end of 2021, EaaS became more of a trend among ransomware groups. In the past, zero-day vulnerabilities were often sold on the Dark Web, but this was usually at very high prices, millions of US dollars per zero-day. A leasing model makes such vulnerabilities more affordable for many hackers. Even if such zero-day vulnerabilities will later be sold at high prices, they can be leased for some time.

The scheme can be compared with similar schemes like Ransomware as a Service (RaaS), Phishing as a Service and Hacking as a Service (HaaS). The latter includes such services as DoS and DDoS and botnets that are maintained for hackers who use these services.

Parties who offer exploit-as-a-service need to address various challenges. Payment is usually done in cryptocurrencies like Bitcoin. Anonymity is not always guaranteed when cryptocurrencies are used, and the police have been able to apprehend criminals on various occasions. Zero-day vulnerabilities that are leased could be discovered, and the software that is used to exploit them could be reverse engineered.

It is as yet uncertain how profitable the exploit-as-a-service business model will be. If it turns out to be profitable, the number of threat actors that offer this service will probably increase. Sources of information on exploit-as-a-service include discussions on the Dark Web, which reveal an increased interest in this kind of service. (Source: "New criminal tactics: exploit-as-a-service and buying zero-day flaws", https://web.archive.org/web/20211117140438/https://www.2-spyware.com/new-criminal-tactics-exploit-as-a-service-and-buying-zero-day-flaws)


See also

* As a service
* Computer security
* Computer virus
* Crimeware
* Exploit kit
* IT risk
* Metasploit
* Shellcode
* w3af



External links

* Exploit-as-a-service: Cybercriminals exploring potential of leasing out zero-day vulnerabilities, as saved in the Internet Archive
* Exploit-as-a-Service, high rollers and zero-day criminal tactics, as saved in the Internet Archive
* Hacking as a Service, as saved in the Internet Archive