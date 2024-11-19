Multiple Russian-language job listings have been discovered following the firm’s monitoring of discussions on the Russian Anonymous Marketplace (RAMP).

This according to the findings from Cato Network’s Cato Cyber Threats Research Lab (CTRL) in its new Q3 2024 Cato CTRL SASE Threat Report.

Threat actors are actively seeing pen testers to join various ransomware affiliate programs, including Apos, Lynx and Rabbit Hole.

“Penetration testing is a term from the security side of things when we try to reach our own systems to see if there are any holes. Now, ransomware gangs are hiring people with the same level of expertise - not to secure systems, but to target systems,” said Etay Maor, Chief Security Strategist at Cato Networks, speaking to press at an event in Stuttgart, Germany on November 12.

“There's a whole economy in the criminal underground just behind this area of ransomware.”

Any good developer knows that software needs to be tested before deploying in production environments, Cato Networks noted.

This is also true for ransomware gangs. They want to ensure that their ransomware can be deployed successfully against organizations. This is why Maor’s team believes they are recruiting people with these skills.

“[Ransomware-as-a-service] is constantly evolving. I think they're going into much more details than before, especially in some of their recruitment,” he said.

Ransomware-as-a-Service Live and Kicking

Other observations Maor and his team made when analyzing the dark web included an example of locker source code being sold for $45,000.

“The bar keeps going down in terms of how much it takes to be a criminal,” Maor said.

In the past cybercriminals may have needed to know how to program. Then in the early 2000s, you could buy viruses, he noted.

“Now you don't need to even buy them because [other cybercriminals] will do this for you,” Maor commented.

He added that AI is playing a large role in lowering the barrier to entry for cybercriminals.

Typically, these tactics are being exploited ransomware gangs motivated by financial gain.