The zero-day exploits used to be very popular in the past across the dark web. But now-a-days, the same situation is no longer available as revealed by the experts that also states that the sellers of the service have reduced in numbers by over 10 times. One of the recent analyses of the zero-day services on the dark web by a cyber intelligence firm named “FireEye”, there were only three zero-day sellers on the dark web as of 2018. In comparison, in 2013, at least 32 vendors used to sell the zero-day service where the present number stands nowhere.
FireEye’s Vulnerability and Exploitation Manager Jared Semrau explained the reasons behind the decline at a rate of 10X in just 5 years. The first and the foremost reason is that the increased rate of arrests of the individuals using the dark web to sell their products. The second reason is that the companies are taking the security of their products very seriously and thus they are becoming more and more cautious. The third reason is that the manufacturers and the security firms are increasing their bug bounty programs in order to have more individuals with the required skills that they could employ in checking the security of their systems. The result of this is that the hackers will live on the identifying vulnerabilities as they guarantee payout in case they find one. One such example can be stated as the platform Zerodium that purchase exploits from hackers and sells them at higher price to the manufacturers.
Instantly after the launch of a hardware or software, the hackers get into the infrastructure of the hardware or software to look for the weaknesses in the system that they can exploit for their benefit. For the zero-day exploits, the hackers dive in to the platform on the same day the hardware or the software is launched.