August 9, 2016
A group of ten researchers from Arizona State University created a system that automatically scans and detects hacking-related products added to Dark and Deep Web marketplaces and hacking forums.
The researchers analyzed data from 27 marketplaces and 21 hacking forums, accessed via Tor (Dark Web) or via hidden websites on the open Internet (also called the Deep Web).
They created a system that automatically scrapes and watches these sites and uses 25 percent human input to train a machine-learning algorithm to classify collected data.
Based on the system they created, researchers say they found interesting details about a number of hacking tools added to these marketplaces, the overall exploit trends, and the marketplace presence of the hacking underworld’s most active users.
Their study has revealed that, during a four-week period, crooks added 16 zero-day exploits to online marketplaces. Let us remind you that zero-day exploits are not the same thing as zero-day vulnerabilities. A zero-day vulnerability can have multiple exploits, depending on the person who codes the actual malicious code that takes advantage of (past or present) zero-day vulnerability.
For example, the research team discovered an Internet Explorer 11 RCE zero-day selling for 20.4676 Bitcoin (~$12,000) and an Android WebView RCE zero-day selling for 40.8956 Bitcoin (~$24,100).
Furthermore, their system revealed that crooks upload approximately 305 cyber-threats each week, either in the form of zero-day exploits, hacking tools, or already-coded malware.