Cybercriminals are increasingly turning to freelance penetration testers to improve the effectiveness of ransomware attacks and to find new avenues for intrusion, according to new research from IT consultancy firm Northdoor.
Many organisations turn to third-party IT consultants for penetration testing to identify vulnerabilities within their own systems. These consultants can provide a complete overview of an organisation, offering a comprehensive review of where weaknesses exist.
But now cybercriminals are using this service against the very organisations it was created to help protect. Cybercriminals want to ensure that their ransomware can be deployed successfully against an organisation. Research has shown that malware writers are scouring the dark web to recruit knowledgeable freelance penetration testers (or red hat hackers) to test their malware payloads for effectiveness across multiple virtual systems.
Red hat hackers are then able to advise malware operators on possible weak points that they can use to break into networks and ultimately compromise data for ransomware extortion.
This business model has been so effective that malware is now being offered as part of an affiliate programme. Each affiliate is responsible for installing and carrying out attacks themselves, while the ransomware group takes a percentage of the payout.
AJ Thompson, CCO at Northdoor, explains the challenges penetration testing can present: “Organisations turn to freelance white hat hackers to expose their network vulnerabilities and to help ensure they can improve their security posture. The fact that many of these freelance white hat hackers could be tempted to turn red for the right price is incredibly concerning.
“Potentially this could result in attack techniques becoming harder to detect and the creation of a worst-case scenario in which new ransomware is deployed before cybersecurity experts get the chance to analyse and mitigate it.
Beating cybercriminals to the punch
With the global penetration testing market valued at $2.20 billion in 2023 and projected to grow from $2.45 billion in 2024 to $6.35 billion by 2032, it is no surprise that otherwise legitimate freelance penetration testers (or white hat hackers) could be recruited into red hat activity should ransomware gangs offer a better price.
Thompson adds: “Companies are more reliant than ever on technology for their day-to-day operations. As a result, there are more points of access for cybercriminals to take advantage of and if compromised it can have a devastating impact on the ability to continue operating.
“All organisations and their partners and suppliers need to understand that just because defence systems were previously validated doesn’t necessarily mean they are secure now. Quite simply, they cannot afford to downgrade their cybersecurity efforts. However, with many facing budget restraints and understaffing, rigorously assessing partners, suppliers and systems may not be something that can be undertaken in-house.
“Turning to third-party IT consultancies that have the experience and expertise to advise on the most appropriate cyber defences and then implement and manage them is vital. This allows smaller IT in-house teams to focus on other, critical business functions, whilst having peace of mind that the security is in the hands of a proactive and expert team.
“Third-party IT consultants can allow organisations to have urgent conversations with partners and suppliers to close the vulnerabilities before they are exploited by cybercriminals.
“Ransomware attacks are extremely lucrative and therefore are not going to go away any time soon. Getting ahead of any future attacks using AI, automation and threat intelligence will be crucial for organisations. Effective prevention, detection and response technologies implemented by third-party IT consultants will enable organisations to proactively defend against an attack,” concluded Thompson.
The post Northdoor: Cybercriminals Increasingly Using Penetration Testing to Identify Firm’s Vulnerabilities appeared first on The Fintech Times.