Nearly a Quarter of Exploits Sold on Cybercriminal Underground Are More Than Three Years Old

Rhea-AI Summary

Trend Micro's latest research highlights that 22% of exploits available in underground forums are over three years old, indicating a persistent risk for organizations. The report underscores the importance of timely patching, revealing that vulnerabilities can be exploited long after they are patched. Notably, the average time to patch a vulnerability is now 51 days. Additionally, the study shows a decline in the zero-day exploit market, influenced by bug bounty programs. As cybercriminals increasingly target legacy vulnerabilities, the necessity for proactive measures such as virtual patching becomes critical for organizations.

Positive

• Highlighting the efficacy of bug bounty programs contributing to a decline in zero-day and N-day exploit market.
• Emphasis on virtual patching as an effective strategy to mitigate risks associated with known and unknown vulnerabilities.

Negative

• 22% of exploits for sale are over three years old, indicating persistent security vulnerabilities.
• Average patching time is 51 days, leaving organizations exposed to cyber threats.
• High demand for older exploits, making it easier for cybercriminals to target organizations.

DALLAS, July 13, 2021 /PRNewswire/ -- Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, released new research urging organizations to focus patching efforts on the vulnerabilities that pose the greatest risk to their organization, even if they are years old.

Trend Micro Research found that 22% of exploits for sale in underground forums are more than three years old.

To view a full copy of the report, The Rise and Fall of the N-day Exploit Market in Cybercriminal Underground, please visit: https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/trends-and-shifts-in-the-underground-n-day-exploit-market.

"Criminals know that organizations are struggling to prioritize and patch promptly, and our research shows that patch delays are frequently taken advantage of," said Mayra Rosario, senior threat researcher for Trend Micro. "The lifespan of a vulnerability or exploit does not depend on when a patch becomes available to stop it. In fact, older exploits are cheaper and therefore may be more popular with criminals shopping in underground forums. Virtual patching remains the best way to mitigate the risks of known and unknown threats to your organization."

The report reveals several risks of legacy exploits and vulnerabilities, including:

• The oldest exploit sold in the underground was for CVE-2012-0158, a Microsoft RCE.
• CVE-2016-5195, known as the Dirty Cow exploit, is still ongoing after five years.
• In 2020, WannaCry was still the most detected malware family in the wild, and there were over 700,000 devices worldwide vulnerable as of March 2021.
• 47% of cybercriminals looked to target Microsoft products in the past two years.

The report also reveals a decline in the market for zero-day and N-day vulnerabilities over the past two years. This is being driven in part by the popularity of bug bounty programs, like Trend Micro's Zero Day Initiative, and the rise of Access-as-a-Service – the new force in the exploit market.

Access-as-a-Service has the advantages of an exploit, but all the hard work has already been done for the buyer, with underground prices starting at $1000USD.

These trends are combining to create greater risk for organizations. With nearly 50 new CVEs released per day in 2020, the pressure on security teams to prioritize and deploy timely patches has never been greater – and it's showing. Today, the time to patch averages nearly 51 days for organizations patching a new vulnerability. To cover that gap in security protection, virtual patching is key. It is based on intrusion prevention technology and offers a hassle-free way to shield vulnerable or end-of-life systems from known and unknown threats indefinitely.

About Trend Micro
Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world. www.TrendMicro.com.  

View original content:https://www.prnewswire.com/news-releases/nearly-a-quarter-of-exploits-sold-on-cybercriminal-underground-are-more-than-three-years-old-301332259.html

SOURCE Trend Micro Incorporated

FAQ

What percentage of exploits sold are older than three years for TMICY?

According to Trend Micro's research, 22% of exploits sold in underground forums are more than three years old.

How long does it take on average to patch vulnerabilities related to TMICY?

The average time to patch a vulnerability is approximately 51 days.

What is the significance of virtual patching for TMICY?

Virtual patching is highlighted as a key strategy to protect organizations from both known and unknown vulnerabilities.

Which exploit was noted as the oldest sold on the underground market in relation to TMICY?

The oldest exploit noted was for CVE-2012-0158, a Microsoft remote code execution vulnerability.

What shift has impacted the market for zero-day vulnerabilities according to TMICY's report?

The report indicates that the rise of bug bounty programs has contributed to a decline in the market for zero-day and N-day vulnerabilities.