14 DAY TRIAL // A group of ten researchers from Arizona State University created a system that automatically scans and detects hacking-related products added to Dark and Deep Web marketplaces and hacking forums.
The researchers analyzed data from 27 marketplaces and 21 hacking forums, accessed via TOR (Dark Web) or via hidden websites on the open Internet (also called the Deep Web).
They created a system that automatically scrapes and watches these sites and uses 25 percent human input to train a machine-learning algorithm to classify collected data.
Based on the system they created, researchers say they found interesting details about a number of hacking tools added to these marketplaces, the overall exploit trends, and the marketplace presence of the hacking underworld's most active users.
305 new cyber-threats created each week
Their study has revealed that, during a four-week period, crooks added 16 zero-day exploits to online marketplaces. Let us remind you that zero-day exploits are not the same thing as zero-day vulnerabilities. A zero-day vulnerability can have multiple exploits, depending on the person who codes the actual malicious code that takes advantage of (past or present) zero-day vulnerability.
For example, the research team discovered an Internet Explorer 11 RCE zero-day selling for 20.4676 Bitcoin (~$12,000) and an Android WebView RCE zero-day selling for 40.8956 Bitcoin (~$24,100).
Furthermore, their system revealed that crooks upload approximately 305 cyber-threats each week, either in the form of zero-day exploits, hacking tools, or already-coded malware.
A 2015 Microsoft zero-day incident sparked the research
Researchers explain that their inspiration for conducting the study was an event from 2015. Back in February 2015, Microsoft fixed a zero-day in Windows that affected versions such as Vista, 7, 8, and Server distributions.
Two months after the company issued a patch in MS15-010, security experts discovered an exploit for this flaw on the Dark Web sold for $15,000, which in July had already made its way into the Dyre banking trojan.
The study's purpose was to create a system that proactively keeps an eye on the Dark and Deep Web hacking ecosystems and uses the data it gathers to uncover new exploits or warn researchers of shifting trends. This very same system is now being transmitted to a commercial entity.
Previously, another group of researchers from Arizona State University classified data from 17 Dark Web and Deep Web hacking and cyber-crime marketplaces and discovered that carding and PayPal accounts were the most popular products put up for sale.
