New research reveals a disturbing trend: cybercriminals are enlisting freelance penetration testers (pentesters) to amplify the effectiveness of their ransomware attacks.
Traditionally, organisations employ pentesters to identify vulnerabilities in their systems. Now, ransomware gangs are leveraging this same strategy, hiring skilled individuals on the dark web to rigorously test their malware payloads against various virtual systems. What’s enticing ethical white hat hackers to become red hat hackers? More money, what else?
Going to the dark side: red vs. white hat hackers
These “red hat hackers” provide the gangs with crucial insights into potential network weaknesses, enabling attackers to breach defences and execute ransomware attacks more effectively.
This collaborative approach has spawned a lucrative affiliate programme, where individuals deploy ransomware and receive a percentage of the ill-gotten gains. With the penetration testing market projected to reach $6.35 billion by 2032, the financial incentive for white hat hackers to “turn red” is substantial.
“The fact that many freelance white hat hackers could be tempted to turn red for the right price is incredibly concerning,” warns AJ Thompson, CCO at Northdoor plc. “This could lead to harder-to-detect attack techniques and the deployment of new ransomware strains before cybersecurity experts can analyse and mitigate them.”
Cyber job opportunities
This evolving threat underscores the need for companies to remain vigilant and proactive in their cybersecurity efforts. Thompson emphasises the importance of continuous vulnerability assessment and collaboration with trusted IT consultancies.
“All organisations and their partners and suppliers need to understand that just because defence systems were previously validated doesn’t necessarily mean they are secure now,” says Thompson.
He continues, “Quite simply, they cannot afford to downgrade their cybersecurity efforts. However, with many facing budget restraints and understaffing, rigorously assessing partners, suppliers and systems may not be something that can be undertaken in-house.”
He says, “Third-party IT consultants can provide a 360-degree, 24/7 overview of an organisation, giving a comprehensive view of where vulnerabilities lie. This allows organisations to have urgent conversations with partners and suppliers to close the vulnerabilities before they are exploited by cybercriminals.”