Research has revealed that cybercriminals are increasingly leveraging freelance penetration testers (pentesters) to refine ransomware tactics and discover new vulnerabilities.
Originally a tool for businesses to identify and address security weaknesses, penetration testing is now being employed by hackers to maximise the efficiency of their ransomware deployments.
Ransomware operators are recruiting freelance pentesters, also referred to as “red hat hackers,” through the dark web. These professionals test malware payloads on various virtual systems to assess their effectiveness and identify exploitable weaknesses. The insights provided by red hat hackers allow ransomware operators to fine-tune their attacks, enabling them to breach networks and compromise data with greater precision.
This strategy has proven so effective that ransomware groups now operate affiliate programmes. Affiliates execute the attacks independently while the parent group takes a share of the proceeds, creating a streamlined and profitable business model.
A Growing Market and Emerging Threats
The penetration testing market, valued at $2.20 billion in 2023, is projected to grow to $6.35 billion by 2032. As the market expands, concerns arise about legitimate white hat hackers being lured into red hat activities by lucrative offers from ransomware gangs. AJ Thompson, Chief Commercial Officer at Northdoor plc, highlighted the risks:
“Organisations turn to freelance white hat hackers to expose their network vulnerabilities and to help ensure they can improve their security posture. The fact that many of these freelance white hat hackers could be tempted to turn red for the right price is incredibly concerning.”
Thompson warned that the involvement of red hat hackers could lead to the development of more sophisticated ransomware, increasing the difficulty of detection and mitigation. This would create a scenario where new threats emerge faster than cybersecurity experts can respond.
Strengthening Cyber Defences
The rise in ransomware attacks underscores the importance of robust cybersecurity measures. Organisations relying heavily on technology face heightened risks, as cybercriminals exploit an increasing number of access points.
Thompson stressed the importance of maintaining vigilance:
“All organisations and their partners and suppliers need to understand that just because defence systems were previously validated doesn’t necessarily mean they are secure now. Quite simply, they cannot afford to downgrade their cybersecurity efforts.”
Budget constraints and staffing shortages, however, can limit an organisation’s ability to conduct comprehensive security assessments internally. Engaging third-party IT consultancies with expertise in cybersecurity offers a viable solution. These firms provide a holistic view of an organisation’s vulnerabilities, enabling timely intervention to mitigate risks.
“Third-party IT consultants can provide a 360-degree, 24/7 overview of an organisation, giving a comprehensive view of where vulnerabilities lie,” Thompson said. “This allows organisations to have urgent conversations with partners and suppliers to close the vulnerabilities before they are exploited by cybercriminals.”
Proactive Measures Against Evolving Threats
Ransomware remains a lucrative venture for cybercriminals, ensuring its continued evolution. To counter these threats, organisations must adopt advanced technologies such as artificial intelligence, automation, and threat intelligence. Third-party consultants can play a critical role in implementing prevention, detection, and response strategies, enabling companies to proactively defend against attacks.
“Getting ahead of any future attacks using AI, automation and threat intelligence will be crucial for organisations,” Thompson concluded. “Effective prevention, detection and response technologies implemented by third-party IT consultants will enable organisations to proactively defend against an attack.”
As ransomware tactics grow more sophisticated, collaboration with specialised cybersecurity partners may be essential for organisations to safeguard their operations and data in the face of an ever-changing threat landscape.