Home     >     Technology     >    

Nearly a Quarter of Exploits Sold on Cybercriminal Underground Are More Than Three Years Old

HONG KONG SAR -  - 14 July 2021 - Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, released new research urging organizations to focus patching efforts on the vulnerabilities that pose the greatest risk to their organization, even if they are years old.

 

Trend Micro Research found that 22% of exploits for sale in underground forums are more than three years old.

 

To view a full copy of the report, The Rise and Fall of the N-day Exploit Market in Cybercriminal Underground, please visit: https://www.trendmicro.com/vinfo/hk/security/news/vulnerabilities-and-exploits/trends-and-shifts-in-the-underground-n-day-exploit-market.

 

"Criminals know that organizations are struggling to prioritize and patch promptly, and our research shows that patch delays are frequently taken advantage of," said Tony Lee, head of consulting at Trend Micro Hong Kong and Macau. "The lifespan of a vulnerability or exploit does not depend on when a patch becomes available to stop it. In fact, older exploits are cheaper and therefore may be more popular with criminals shopping in underground forums. Virtual patching remains the best way to mitigate the risks of known and unknown threats to your organization."

 

The report reveals several risks of legacy exploits and vulnerabilities, including:

  • The oldest exploit sold in the underground was for CVE-2012-0158, a Microsoft RCE.
  • CVE-2016-5195, known as the Dirty Cow exploit, is still ongoing after five years.
  • In 2020, WannaCry was still the most detected malware family in the wild, and there were over 700,000 devices worldwide vulnerable as of March 2021.
  • 47% of cybercriminals looked to target Microsoft products in the past two years.


The report also reveals a decline in the market for zero-day and N-day vulnerabilities over the past two years. This is being driven in part by the popularity of bug bounty programs, like Trend Micro's Zero Day Initiative, and the rise of Access-as-a-Service – the new force in the exploit market.

 

Access-as-a-Service has the advantages of an exploit, but all the hard work has already been done for the buyer, with underground prices starting at $1000USD.

 

These trends are combining to create greater risk for organizations. With nearly 50 new CVEs released per day in 2020, the pressure on security teams to prioritize and deploy timely patches has never been greater – and it's showing. Today, the time to patch averages nearly 51 days for organizations patching a new vulnerability. To cover that gap in security protection, virtual patching is key. It is based on intrusion prevention technology and offers a hassle-free way to shield vulnerable or end-of-life systems from known and unknown threats indefinitely.

 

  • Media Contact
  • Trend Micro
Information contained on this page is provided by an independent third-party content provider.This Site make no warranties or representations in connection therewith.If you are affiliated with this page and would like it removed it please contact service@ceapress.com
Related tags: Technology
Recommend

BYD Rolls Off Its 3 Millionth New Energy Vehicle and Debuts A New Passenger Car Brand Matrix

2022-11-16 23:18:00

BYD's acceleration on promoting New Energy Vehicles. From the first new energy vehicle to the 1 millionth new energy vehicle in 13 years and from 1 million to 2 million in just 1 year and from 2 million to 3 million in just 6 months, BYD is actively promoting NEVs. "To reassure our customers about safety, we have made it a mission that we will carry to the end". In addition to the Blade Battery and CTB technology, BYD will also launch another safe and novel pioneering technology which will be equipped for the first time on the new model of its high-end brand, the Yangwang brand. BYD Auto will build up its brand matrix with five brands. These five brands are Dynasty, Ocean, Denza, Yangwang, and a new brand that specializes in professional and personalized identities. BYD operates globally. As a global seeker of talent, BYD acquires its talents worldwide. In terms of operation, BYD has extended its new energy vehicle footprint to over 400 cities across 70 countries and regions on 6 continents. In particular, BYD's new energy passenger cars have entered Norway, Germany, Japan, Thailand, Brazil, and other markets in the world. In the future, BYD's new energy passenger cars will enter more markets and will be manufactured as well as sold globally.

Trina Solar defines the aesthetic black product by high tech, delivering new Vertex S modules globally

2022-11-01 23:02:00

Trina Solar's Vertex S Aesthetic Module, an upgraded product highly anticipated by global customers, has arrived in Europe, Australia, Japan and other markets recently. It is the first solar PV module to win the Red Dot Award and is turning heads because of its efficient and reliable performance and an outstanding design and visual appearance, making it a favorite among distributed solar rooftops in global markets.

Hikvision released the evolutionary eDVR Series with eSSD technology

2022-10-12 00:00:00

October 12, 2022 – Hikvision recently added the eDVR Series into its expanding portfolio of security solutions for SMBs. Powered by embedded solid state drive technology, Hikvision's eDVRs are compact, durable, easy-to-use, and energy-efficient. All this means they are ideal for small-to-medium-sized businesses and residential applications.

Xiaomi Partners with National Geographic Magazine China Inspring Global Youth to Rediscover Life's Wonders

2022-10-04 00:00:00

Following the footsteps of Out of Eden Walk Paul Salopek Harnessing Xiaomi technology to inspire curiosity in their world

XPENG Receives Third Consecutive MSCI ESG Rating of AA Achieves Industry-leading DJSI Scores

2022-10-03 11:00:00

Dedication to EV technology innovation brings remarkable growth potential

OPPO Wins Impact Award and Innovation Award on Consumer Tech at BEYOND Expo 2022

2022-09-26 00:00:00

OPPO was awarded the Impact Award and Consumer Tech Innovation Award at BEYOND Expo 2022 yesterday for its achievements in sustainability and SUPERVOOC Flash Charge technology.