Are Ransomware Gangs Recruiting Pen Testers to Boost Cyber Attacks?

In a concerning development in the world of cybercrime, ransomware gangs have turned to recruiting penetration testers, commonly known as pen testers, to improve the effectiveness of their attacks. This trend has been brought to light by the findings of Cato Networks’ Cato Cyber Threats Research Lab (CTRL) in their Q3 2024 Cato CTRL SASE Threat Report. Renowned ransomware groups like Apos, Lynx, and Rabbit Hole have been actively seeking skilled pen testers to join their ranks. This marks a significant evolution in ransomware-as-a-service (RaaS) and highlights their meticulous and detailed recruitment strategies.

The New Role of Pen Testers in Cybercrime

From Protectors to Attackers

Traditionally, penetration testers have played a vital role in cybersecurity by identifying vulnerabilities in systems and helping organizations secure their infrastructure. However, recent findings show that ransomware gangs are now hiring these skilled professionals not to protect but to target systems more effectively. According to Etay Maor, Chief Security Strategist at Cato Networks, this shift signifies a major evolution in the RaaS ecosystem, as cybercriminals now employ specialized expertise typically reserved for defending against attacks. This change in strategy indicates a more sophisticated approach in executing ransomware operations, increasing the threat landscape for potential victims.

The discovery of job listings on the Russian Anonymous Marketplace (RAMP) further confirms the lengths to which these cybercriminal groups are willing to go to obtain the expertise they need. By leveraging the skills of pen testers, ransomware gangs can identify and exploit vulnerabilities with greater precision, making their attacks more potent and difficult to fend off. These developments underscore the growing complexity and professionalization within the cybercrime industry, posing significant challenges for cybersecurity professionals and organizations worldwide.

Increasing Accessibility and Lowering Barriers in Cybercrime

Ransomware Source Codes for Purchase

The growing accessibility of cybercrime tooling and the lowering of barriers to entry are another alarming trend highlighted in the Cato CTRL SASE Threat Report. Ransomware source codes are increasingly available for purchase on the dark web, making it easier for aspiring cybercriminals to launch their attacks without extensive technical knowledge. For instance, locker source code can be found for a price of $45,000. This availability significantly reduces the effort and expertise required to develop ransomware, democratizing access to powerful cyber weapons.

Additionally, the rise of AI has further facilitated these crimes by lowering the entry threshold. AI tools can automate tasks and provide step-by-step guides, empowering even novice hackers to carry out sophisticated attacks. A notable example from the report involves a user named ‘eloncrypto’ who was discovered selling a builder for MAKOP ransomware, a variant of the PHOBOS ransomware. This trend of increasing accessibility means that a broader range of individuals can engage in cybercriminal activities, exacerbating the threat landscape for all digital users.

Shadow AI and Data Privacy Risks

Another critical finding from the report is the emergence of Shadow AI, where employees bypass formal processes to adopt AI solutions. This practice poses significant data privacy risks. The Cato CTRL SASE Threat Report tracked ten AI applications and associated security threats, with data privacy emerging as the primary concern. Shadow AI can lead to unvetted applications being used within organizations, potentially exposing sensitive data to unauthorized access and misuse.

The increasing use of AI without proper oversight highlights the necessity for organizations to implement stringent policies and monitoring mechanisms to govern AI adoption. Failing to do so could lead to severe consequences, including data breaches and regulatory penalties. As organizations continue to integrate AI into their operations, addressing the risks associated with Shadow AI becomes imperative to ensuring data privacy and overall security.

The Critical Importance of TLS Inspection

Underutilization of TLS in Organizations

Transport Layer Security (TLS) is a crucial security protocol designed to encrypt data transmitted over the internet. However, the Cato CTRL SASE Threat Report reveals that only 45% of organizations enable TLS inspection, the practice of decrypting, inspecting, and re-encrypting traffic. This process helps prevent threat actors from leveraging TLS traffic to evade detection. Without comprehensive TLS inspection, organizations are vulnerable to hidden threats that can infiltrate their networks undetected.

The report highlights numerous attempts, blocked in TLS traffic, to exploit Common Vulnerabilities and Exposures (CVEs) affecting Log4j, SolarWinds, and ConnectWise. This finding underscores the urgent need for organizations to prioritize TLS inspection in their cybersecurity strategies. While enabling TLS inspection may require additional resources and investment, its benefits in detecting and mitigating cyber threats far outweigh the costs. Organizations must recognize the critical role of TLS inspection in safeguarding their networks against increasingly sophisticated attacks.

The Path Forward for Cybersecurity

In a concerning cybercrime trend, ransomware gangs are now recruiting penetration testers, also known as pen testers, to boost the effectiveness of their attacks. This alarming development was revealed in Cato Networks’ Cato Cyber Threats Research Lab (CTRL) Q3 2024 Cato CTRL SASE Threat Report. Noteworthy ransomware groups such as Apos, Lynx, and Rabbit Hole are actively seeking skilled pen testers to fortify their operations. This shift represents a notable evolution in ransomware-as-a-service (RaaS) and underscores the gangs’ meticulous recruitment strategies aimed at enhancing their malicious campaigns. By enlisting pen testers, ransomware organizations aim to leverage these experts’ deep understanding of network vulnerabilities and security measures. This move allows them to craft more sophisticated and penetrating attacks, posing a growing threat to cybersecurity efforts. The recruitment of pen testers by these groups highlights the increasing professionalism and organization within the cybercriminal underworld, making it imperative for businesses and cybersecurity professionals to stay vigilant and adapt to these emerging threats.
