(Image: chanut via Adobe Stock)
One of the software success stories of the COVID-19 pandemic era has been videoconferencing service Zoom. Despite already existing in a crowded field of both startups and mature competitors, Zoom became a household name for anyone stuck at home to avoid the coronavirus. But as Zoom boomed, so did Dark Web sales of zero-day vulnerabilities in its software.
A Zoom vulnerability that allowed remote-code execution on Windows computers was allegedly for sale on the Dark Web for $500,000, reported Vice in April. Another zero-day vulnerability for Zoom on Macs confirmed by multiple sources commanded a lower but allegedly still substantial Dark Web price.
The entire black market ecosystem of buyers, sellers, and deal brokers conducts its business through a series of deals and digital handshakes that most people would consider ethically dubious, says Roman Sannikov, director of cybercrime and underground intelligence at cybersecurity research company Recorded Future. His team focuses on tracking and investigating criminal actors, non-nation state-sponsored extremists, and hacktivists.
Hackers who want to sell their zero-day vulnerabilities on the black market have many reasons for doing so, he says. Depending on what the vulnerability is, and for which software, they can make significantly more money than they can from an official bug bounty. They may also want to hurt ..
Support the originator by clicking the read the rest link below.
