Exploit As A Service

Exploit as a service (EaaS) is a scheme of cybercriminals whereby zero-day vulnerabilities are leased to hackers. EaaS is typically offered as a cloud service. By the end of 2021, EaaS became more of a trend among ransomware groups.

In the past, zero-day vulnerabilities were often sold on the dark web, but this was usually at very high prices, millions of US dollars per zero-day. A leasing model makes such vulnerabilities more affordable for many hackers. Even if such zero-day vulnerabilities will later be sold at high prices, they can be leased for some time. The scheme can be compared with similar schemes like Ransomware as a Service (RaaS), Phishing as a Service and Hacking as a Service (HaaS). The latter includes such services as DoS and DDoS and botnets that are maintained for hackers who use these services.

Parties who offer exploit-as-a-service need to address various challenges. Payment is usually done in cryptocurrencies like Bitcoin. Anonymity is not always guaranteed when cryptocurrencies are used, and the police have been able to apprehend criminals on various occasions. Zero-day vulnerabilities that are leased could be discovered, and the software that is used to exploit them could be reverse engineered. It is as yet uncertain how profitable the exploit-as-a-service business model will be. If it turns out to be profitable, the number of threat actors that offer this service will probably increase. Sources of information on exploit-as-a-service include discussions on the dark web, which reveal an increased interest in this kind of service.


See also

* As a service
* Computer security
* Computer virus
* Crimeware
* Exploit kit
* IT risk
* Metasploit
* Shellcode
* w3af


External links

* Exploit-as-a-service: Cybercriminals exploring potential of leasing out zero-day vulnerabilities, as saved in the Internet Archive
* Exploit-as-a-Service, high rollers and zero-day criminal tactics, as saved in the Internet Archive
* Hacking as a Service, as saved in the Internet Archive