Dark Web Market for Software Exploits Sees Surge, Highlighting Ongoing Cybersecurity Threats

Kaspersky’s analysis of the dark web between January 2023 and September 2024 revealed 547 listings for buying and selling exploits, with half involving zero-day or one-day vulnerabilities. Despite fluctuations in activity, the market for functional exploits remains a consistent threat, reinforcing the need for cybersecurity vigilance and regular patching.


9 October 2024 – Between January 2023 and September 2024, Kaspersky’s Digital Footprint Intelligence experts uncovered 547 advertisements for the buying and selling of software vulnerability exploits. These posts were found across dark web forums and obscure Telegram channels, with around 50% of them involving zero-day and one-day vulnerabilities. Zero-day vulnerabilities are flaws that remain unknown to the software vendor, while one-day vulnerabilities refer to systems lacking the necessary security patches. Despite the frequency of such advertisements, verifying the functionality of these exploits is challenging due to the prevalence of scams on the dark web.

The average cost for exploits enabling remote code execution (RCE) stood at approximately $100,000. Such exploits allow attackers to gain unauthorized access or control over software systems. More than half of the listings sought or offered tools targeting undiscovered or unpatched vulnerabilities. Popular targets include enterprise-level software, given its higher value to cybercriminals. However, Kaspersky experts also noted that many dark web exploit offers are fraudulent or incomplete, adding complexity to estimating the actual volume of functioning exploits on the market.

May 2024 marked the peak of exploit sales, with 50 listings that month, including a noteworthy sale of an alleged Microsoft Outlook zero-day exploit priced at nearly $2 million. While activity levels fluctuate, the threat landscape remains constant, highlighting the importance of strong cybersecurity measures, such as regular system patching and vigilant monitoring of dark web activity.

Among the most prevalent exploits available for purchase are those targeting Remote Code Execution (RCE) and Local Privilege Escalation (LPE) vulnerabilities. RCE exploits, which are generally more dangerous, allow attackers to take control of a system, while LPE exploits, typically priced around $60,000, enable attackers to gain higher system privileges.

To mitigate risks associated with these vulnerabilities, Kaspersky recommends companies deploy Digital Footprint Intelligence to monitor cyberthreats on the dark web and implement comprehensive security solutions like the Kaspersky Next product line. Regular security assessments and prompt patching of vulnerabilities are also essential for protecting against these increasingly sophisticated cyber threats.

Author: Terry KS

Share This Post On