A new and concerning cybersecurity trend has emerged. According to the latest Q3 2024 Cato CTRL SASE Threat Report from Cato Networks, ransomware gangs are now actively recruiting penetration testers to enhance the effectiveness of their attacks.
This development signals a significant shift in the tactics employed by cybercriminals and underscores the need for organizations to remain vigilant in their defense strategies.
Traditionally, penetration testers, or "pen testers," have been employed by organizations to identify vulnerabilities in their systems. However, the report reveals that threat actors are now seeking these skilled professionals to join ransomware affiliate programs such as Apos, Lynx, and Rabbit Hole. This move mirrors legitimate software development practices, where testing is crucial before deployment.
Etay Maor, chief security strategist at Cato Networks, explains, "Ransomware is one of the most pervasive threats in the cybersecurity landscape. It impacts everyone—businesses and consumers—and threat actors are constantly trying to find new ways to make their ransomware attacks more effective."
The report also highlights the growing concern of "shadow AI" – the unauthorized use of AI applications within organizations. This practice poses significant risks, particularly regarding data privacy. Cato CTRL identified ten AI applications being used without proper vetting, including Bodygram, Craiyon, and Otter.ai. Organizations must be aware of the potential exposure of sensitive information through these unsanctioned AI tools.
Another critical finding from the report is the underutilization of TLS (Transport Layer Security) inspection. Only 45% of participating organizations enable TLS inspection, and a mere 3% inspect all relevant TLS-encrypted sessions. This gap in security leaves organizations vulnerable to attacks hidden within encrypted traffic.
The report found that 60% of attempts to exploit known vulnerabilities were blocked in TLS traffic during Q3 2024. Moreover, organizations that enabled TLS inspection blocked 52% more malicious traffic compared to those without it.
As ransomware gangs continue to evolve their tactics, it's clear that organizations must adapt their cybersecurity strategies accordingly. The recruitment of penetration testers by threat actors represents a significant escalation in the sophistication of ransomware attacks.
To stay ahead of these threats, businesses should:
- Implement comprehensive TLS inspection protocols
- Be vigilant about shadow AI usage within their organization
- Regularly update and test their cybersecurity measures
- Invest in employee training to recognize and report potential threats
By staying informed and proactive, organizations can better protect themselves against the ever-evolving landscape of cyber threats.
Here's how it works:
