Are Ransomware Gangs Recruiting Pen Testers to Boost Cyber Attacks?

In a concerning development in the world of cybercrime, ransomware gangs have turned to recruiting penetration testers, commonly known as pen testers, to improve the effectiveness of their attacks. This trend has been brought to light by the findings of Cato Networks’ Cato Cyber Threats Research Lab (CTRL) in its Q3 2024 Cato CTRL SASE Threat Report. Notable ransomware groups such as Apos, Lynx, and Rabbit Hole have been actively seeking skilled pen testers to join their ranks. This marks a significant evolution in ransomware-as-a-service (RaaS) and highlights the groups’ meticulous and detailed recruitment strategies.

The New Role of Pen Testers in Cybercrime

From Protectors to Attackers

Traditionally, penetration testers have played a vital role in cybersecurity by identifying vulnerabilities in systems and helping organizations secure their infrastructure. However, recent findings show that ransomware gangs are now hiring these skilled professionals not to protect but to target systems more effectively. According to Etay Maor, Chief Security Strategist at Cato Networks, this shift signifies a major evolution in the RaaS ecosystem, as cybercriminals now employ specialized expertise typically reserved for defending against attacks. This change in strategy indicates a more sophisticated approach in executing ransomware operations, increasing the threat landscape for potential victims.

The discovery of job listings on the Russian Anonymous Marketplace (RAMP) further confirms the lengths to which these cybercriminal groups are willing to go to obtain the expertise they need. By leveraging the skills of pen testers, ransomware gangs can identify and exploit vulnerabilities with greater precision, making their attacks more potent and difficult to fend off. These developments underscore the growing complexity and professionalization within the cybercrime industry, posing significant challenges for cybersecurity professionals and organizations worldwide.

Increasing Accessibility and Lowering Barriers in Cybercrime

Ransomware Source Codes for Purchase

Increasing accessibility and lowering barriers to entry within cybercrime are another alarming trend highlighted in the Cato CTRL SASE Threat Report. Ransomware source code is increasingly available for purchase on the dark web, making it easier for aspiring cybercriminals to launch attacks without extensive technical knowledge. For instance, locker source code can be found for a price of $45,000. This availability significantly reduces the effort and expertise required to develop ransomware, democratizing access to powerful cyber weapons.

Additionally, the rise of AI has further facilitated these crimes by lowering the entry threshold. AI tools can automate tasks and provide step-by-step guides, empowering even novice hackers to carry out sophisticated attacks. A notable example from the report involves a user named ‘eloncrypto’ who was discovered selling a builder for MAKOP ransomware, a variant of the PHOBOS ransomware. This trend of increasing accessibility means that a broader range of individuals can engage in cybercriminal activities, exacerbating the threat landscape for all digital users.

Shadow AI and Data Privacy Risks

Another critical finding from the report is the emergence of Shadow AI, where employees bypass formal processes to adopt AI solutions. This practice poses significant data privacy risks. The Cato CTRL SASE Threat Report tracked ten AI applications and associated security threats, with data privacy emerging as the primary concern. Shadow AI can lead to unvetted applications being used within organizations, potentially exposing sensitive data to unauthorized access and misuse.

The increasing use of AI without proper oversight highlights the necessity for organizations to implement stringent policies and monitoring mechanisms to govern AI adoption. Failing to do so could lead to severe consequences, including data breaches and regulatory penalties. As organizations continue to integrate AI into their operations, addressing the risks associated with Shadow AI becomes imperative to ensuring data privacy and overall security.
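One form such a monitoring mechanism can take is reviewing web proxy logs for traffic to AI applications the organization has not sanctioned, weighting each finding by how much data was uploaded, since data privacy is the report’s primary concern. The following is an added example and not code from the Cato report; the log format, hostnames, application inventory and upload threshold are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample proxy log lines (not from the report): who talked to which host, and how many bytes they sent.
SAMPLE_LOGS = """\
2024-09-03T09:12:04Z user=alice host=chat.ai-assistant.example bytes_out=184320 action=allow
2024-09-03T09:15:41Z user=bob host=intranet.corp.example bytes_out=2048 action=allow
2024-09-03T09:20:10Z user=alice host=api.chat.ai-assistant.example bytes_out=921600 action=allow
2024-09-03T10:02:33Z user=carol host=docs.ai-writer.example bytes_out=51200 action=allow
2024-09-03T10:05:12Z user=bob host=approved-ai.corp.example bytes_out=40960 action=allow
this line is malformed and should be skipped
"""

# Hypothetical inventory: AI SaaS domains the organization knows about, and which of them are sanctioned.
AI_APP_DOMAINS = {
    "chat.ai-assistant.example": "AI Assistant",
    "docs.ai-writer.example": "AI Writer",
    "approved-ai.corp.example": "Approved AI",
}
SANCTIONED = {"approved-ai.corp.example"}
UPLOAD_THRESHOLD = 512 * 1024  # bytes sent to one unsanctioned app before we flag a data-privacy risk

LOG_RE = re.compile(r"user=(?P<user>\S+) host=(?P<host>\S+) bytes_out=(?P<bytes>\d+)")


def parse_log(text):
    """Yield {user, host, bytes} for each well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            yield {"user": m["user"], "host": m["host"].lower(), "bytes": int(m["bytes"])}


def classify_host(host):
    """Return (domain, app_name) if host is, or is a subdomain of, a known AI app domain; else None."""
    for domain, name in AI_APP_DOMAINS.items():
        if host == domain or host.endswith("." + domain):
            return domain, name
    return None


def find_shadow_ai(events, threshold=UPLOAD_THRESHOLD):
    """Aggregate bytes uploaded per user to unsanctioned AI apps; flag (user, app, bytes) over the threshold."""
    usage = defaultdict(lambda: defaultdict(int))
    for ev in events:
        hit = classify_host(ev["host"])
        if hit and hit[0] not in SANCTIONED:
            usage[ev["user"]][hit[1]] += ev["bytes"]
    flagged = [(u, app, b) for u, apps in usage.items() for app, b in apps.items() if b >= threshold]
    return {u: dict(apps) for u, apps in usage.items()}, flagged
```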

The Critical Importance of TLS Inspection

Underutilization of TLS Inspection in Organizations

Transport Layer Security (TLS) is a crucial security protocol designed to encrypt data transmitted over the internet. However, the Cato CTRL SASE Threat Report reveals that only 45% of organizations enable TLS inspection, the practice of decrypting, inspecting, and re-encrypting traffic at a controlled point on the network. This process helps prevent threat actors from using encrypted TLS traffic to evade detection. Without comprehensive TLS inspection, organizations are vulnerable to hidden threats that can infiltrate their networks undetected.

The report highlights numerous attempts to exploit Common Vulnerabilities and Exposures (CVEs) affecting Log4j, SolarWinds, and ConnectWise that were blocked only because the traffic carrying them was inspected. This finding underscores the urgent need for organizations to prioritize TLS inspection in their cybersecurity strategies. While enabling TLS inspection may require additional resources and investment, its benefits in detecting and mitigating cyber threats far outweigh the costs. Organizations must recognize the critical role of TLS inspection in safeguarding their networks against increasingly sophisticated attacks.

The Path Forward for Cybersecurity

The recruitment of pen testers by groups such as Apos, Lynx, and Rabbit Hole, documented in Cato Networks’ Q3 2024 Cato CTRL SASE Threat Report, represents a notable evolution in ransomware-as-a-service (RaaS). By enlisting pen testers, ransomware organizations aim to leverage these experts’ deep understanding of network vulnerabilities and security measures, allowing them to craft more sophisticated and penetrating attacks and posing a growing threat to cybersecurity efforts. Taken together with the sale of ransomware source code, the use of AI to lower the entry threshold, the spread of Shadow AI, and the underuse of TLS inspection, this trend highlights the increasing professionalism and organization within the cybercriminal underworld, making it imperative for businesses and cybersecurity professionals to stay vigilant and adapt to these emerging threats.
