Threat actors are hiring freelance pentesters to improve the effectiveness of their ransomware attacks.
This is according to security vendor Cato Networks, whose research has found that malware networks are increasingly looking to employ the services of freelance security researchers to find new avenues for intrusion.
“Any good developer knows that software needs to be tested before deploying in production environments,” said Cato.
“This is also true for ransomware gangs. They want to ensure that their ransomware can be deployed successfully against organizations.”
The researchers combed darknet forums and underground boards to gather multiple instances of malware writers looking to recruit knowledgeable pentesters to try their malware payloads on multiple virtual systems and return the results.
The idea is that the red team professionals can clue the malware operators in on weak points through which they can break into networks and ultimately compromise corporate data for ransomware extortion.
According to the researchers, the malware is being offered as part of an affiliate program. In such cases, each affiliate is responsible for installing and carrying out the attack themselves, while the ransomware vendor operates as the backbone and takes a cut of the payout.
This sort of behavior is to be expected of malware distributors; any possible point of entry is key when it comes to cybercrime extortion.
That otherwise legitimate penetration testers would be recruited into such activity is, however, a major headache.
Organizations have only recently opened up to the idea of hiring freelance white hat hackers to expose their network vulnerabilities and, should criminal gangs offer a better price, many of those white hats will be awfully tempted to turn black.
This could make attack techniques harder to detect and create a nightmare scenario in which new exploits are deployed before network defenders get the chance to analyze and counter the threats.
“Ransomware is continuously being developed with advanced encryption algorithms, and other techniques like multithreading and custom configurations,” said Cato.
“Early identification of these patterns through advanced threat detection, AI-driven anomaly monitoring and robust endpoint protection is critical to counteract evolving ransomware threats.”