19 May 21, 11:12
Quote: A year-long study into the underground market for exploits in cybercriminal forums shows that crooks are salivating for Microsoft bugs, which are far and away the most requested and most sold exploits.
According to researchers (see chart below), Microsoft products made up a whopping 47 percent of the requests, compared with, say, internet of things (IoT) exploits, which only accounted for 5 percent.
The exploit market is accommodating cybercrooks’ hunger for puncturing Microsoft products, according to Trend Micro. A second data point (see chart below) shows that 61 percent of sold exploits targeted Microsoft products, including Office, Windows, Internet Explorer and Microsoft Remote Desktop Protocol (RDP).
No surprise there. Flashpoint researchers also reported in December that prices for RDP server access have been surging.
The research was presented on Monday at the all-virtual RSA Conference 2021, by Trend Micro Senior Researcher Mayra Rosario Fuentes. In her session, titled "Tales from the Underground: The Vulnerability Weaponization Lifecycle," Fuentes said that the study tracked the exploits that were sold and requested on more than 600 underground forums over a year.
Researchers found that the average price for exploits that threat actors were willing to pay was $2,000. The crooks are going after fresh, tender new vulnerabilities, with 52 percent of exploits on their wish list being less than 2 years old: an age bracket that also accounts for 54 percent of exploits being sold.
Read more: Microsoft, Adobe Exploits Top List of Crooks' Wish List | Threatpost