
Ransomware Gangs Turn to Penetration Testing to Launch Increasingly Sophisticated Attacks

25 November 2024

Third-party IT consultants can provide a 360-degree, 24/7 overview of an organisation, giving a comprehensive view of where vulnerabilities lie 

By AJ Thompson, CCO at IT consultancy Northdoor plc

New research has found that cybercriminals are increasingly turning to freelance penetration testers (pentesters) to improve the effectiveness of their ransomware attacks and to find new avenues for intrusion. 

Organisations turn to penetration testing to identify vulnerabilities within their own systems. For cybercriminals the same rule applies, and they are as professional at utilising pentesting as the companies they are hacking.  

Cybercriminals want to ensure that their ransomware can be deployed successfully against an organisation. Research has shown that malware writers are scouring the dark web looking to recruit knowledgeable, freelance pentesters (or red hat hackers) to test their malware payloads on multiple virtual systems for effectiveness.

Red hat hackers are then able to advise malware operators on possible weak points they can use to break into networks and ultimately compromise data for ransomware extortion.

This business model has been so effective that malware is now being offered as part of an affiliate program. Each affiliate is responsible for installing and carrying out attacks themselves, while the ransomware group takes a percentage of the payout. 

With the global penetration testing market valued at $2.20 billion in 2023 and projected to grow from $2.45 billion in 2024 to $6.35 billion by 2032, it is no surprise that otherwise legitimate freelance penetration testers (or white hat hackers) could be recruited into red hat activity should ransomware gangs offer a better price, as AJ Thompson, CCO at Northdoor plc, explains.

“Organisations turn to freelance white hat hackers to expose their network vulnerabilities and to help ensure they can improve their security posture. The fact that many of these freelance white hat hackers could be tempted to turn red for the right price is incredibly concerning.

“Potentially this could result in attack techniques becoming harder to detect and the creation of a worst-case scenario in which new ransomware is deployed before cybersecurity experts get the chance to analyse and mitigate it. 

“Companies are more reliant than ever on technology for their day-to-day operations. As a result, there are more points of access for cybercriminals to take advantage of and if compromised it can have a devastating impact on the ability to continue operating. 

“All organisations and their partners and suppliers need to understand that just because defence systems were previously validated doesn’t necessarily mean they are secure now. Quite simply, they cannot afford to downgrade their cybersecurity efforts. However, with many facing budget restraints and understaffing, rigorously assessing partners, suppliers and systems may not be something that can be undertaken in-house.  

“Turning to third-party IT consultancies that have the experience and expertise to advise on the most appropriate cyber defences and then implement and manage them is vital. This allows smaller IT in-house teams to focus on other, critical business functions, whilst having peace of mind that the security is in the hands of a proactive and expert team.   

“Third-party IT consultants can provide a 360-degree, 24/7 overview of an organisation, giving a comprehensive view of where vulnerabilities lie. This allows organisations to have urgent conversations with partners and suppliers to close the vulnerabilities before they are exploited by cybercriminals.

“Ransomware attacks are extremely lucrative and therefore are not going to go away any time soon. Getting ahead of any future attacks using AI, automation and threat intelligence will be crucial for organisations. Effective prevention, detection and response technologies implemented by third-party IT consultants will enable organisations to proactively defend against an attack,” concluded Thompson.
