Ransomware Gangs Evolve: They're Now Recruiting Penetration Testers



Ransomware Attacks EvolveA new and concerning cybersecurity trend has emerged. According to the latest Q3 2024 Cato CTRL SASE Threat Report from Cato Networks, ransomware gangs are now actively recruiting penetration testers to enhance the effectiveness of their attacks. 

This development signals a significant shift in the tactics employed by cybercriminals and underscores the need for organizations to remain vigilant in their defense strategies.

Traditionally, penetration testers, or "pen testers," have been employed by organizations to identify vulnerabilities in their systems. However, the report reveals that threat actors are now seeking these skilled professionals to join ransomware affiliate programs such as Apos, Lynx, and Rabbit Hole. This move mirrors legitimate software development practices, where testing is crucial before deployment.

Etay Maor, chief security strategist at Cato Networks, explains, "Ransomware is one of the most pervasive threats in the cybersecurity landscape. It impacts everyone—businesses and consumers—and threat actors are constantly trying to find new ways to make their ransomware attacks more effective."

The report also highlights the growing concern of "shadow AI" – the unauthorized use of AI applications within organizations. This practice poses significant risks, particularly regarding data privacy. Cato CTRL identified ten AI applications being used without proper vetting, including Bodygram, Craiyon, and Otter.ai. Organizations must be aware of the potential exposure of sensitive information through these unsanctioned AI tools.

Another critical finding from the report is the underutilization of TLS (Transport Layer Security) inspection. Only 45% of participating organizations enable TLS inspection, and a mere 3% inspect all relevant TLS-encrypted sessions. This gap in security leaves organizations vulnerable to attacks hidden within encrypted traffic.

The report found that 60% of attempts to exploit known vulnerabilities were blocked in TLS traffic during Q3 2024. Moreover, organizations that enabled TLS inspection blocked 52% more malicious traffic compared to those without it.

As ransomware gangs continue to evolve their tactics, it's clear that organizations must adapt their cybersecurity strategies accordingly. The recruitment of penetration testers by threat actors represents a significant escalation in the sophistication of ransomware attacks.

To stay ahead of these threats, businesses should:

  1. Implement comprehensive TLS inspection protocols
  2. Be vigilant about shadow AI usage within their organization
  3. Regularly update and test their cybersecurity measures
  4. Invest in employee training to recognize and report potential threats

By staying informed and proactive, organizations can better protect themselves against the ever-evolving landscape of cyber threats.


RanSim

Free downloadable software tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

RanSim gives you a quick look at the effectiveness of your existing network protection. RanSim will test 24 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

RansIm-Monitor3Here's how it works:

  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 25 types of infection scenarios
  • Just download the installer and run it
  • Results in a few minutes!

Get RanSim!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/ransim

Topics: Ransomware



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews