MedusaLocker, the ransomware-as-a-service (RaaS) group that has been energetic since 2019 is overtly recruiting for penetration testers to assist it compromise extra companies.
As Safety Affairs reviews, MedusaLocker has posted a job advert on its darkish internet leak web site, which pointedly invitations pentesters who have already got direct entry to company networks to make contact.
“If you do not have entry, please do not waste your time”
From the sound of issues, MedusaLocker (which shouldn’t be confused with the similarly-named Medusa ransomware group) is basically involved in being contacted by firm insiders and preliminary entry brokers who can assist attackers achieve quick access to an enterprise community.
Preliminary entry brokers specialize in gaining unauthorised entry to pc networks, after which promote their entry to different cybercriminals.
They’ll usually exploit human weak point by profiting from misconfigured or unpatched techniques, or deploy phishing and social engineering assaults to infiltrate a company community.
The final word objective of the preliminary entry dealer is to promote their distant community entry to different cybercriminals who will most probably monetise the scenario by stealing knowledge and deploying ransomware.
Typically an preliminary entry dealer will spend effort and time searching for unauthorised entry to a digital personal community, e mail server, or distant desktop protocol (RDP), permitting ransomware teams to release their very own time to deploy ransomware insider networks relatively than making an attempt to interrupt into firms themselves.
As CISA warned again in 2022, MedusaLocker assaults have closely relied upon vulnerabilities in RDP to entry victims’ networks previously.
So, what has this to do with penetration testing?
Penetration testers (or “pentesters”) are cybersecurity professionals who use the methods usually utilized by cybercriminals to determine weak point in an organization’s defences earlier than a malicious hacker does.
They responsibly report their findings again to the corporate, and work with them to resolve any points.
A reputable pentester would undoubtedly have the skillset required to seek for weaknesses in a company community, and maybe achieve entry. However one hopes that they’d be too moral to take action with out authorisation from the corporate concerned.
However right here we see the MedusaLocker gang virtually headhunting expertise from the identical pool of people who find themselves usually employed to assist firms defend themselves from cyber assault.
The strains between reputable cybersecurity work and cybercrime are as soon as once more blurring.
“Each firm will get penetration examined, whether or not or not they pay somebody for the pleasure,” goes an outdated adage within the business.
All organisations should be on their guard, and have put layered protections in place, to stop themselves from turning into the following ransomware statistic.
It’s clear from even probably the most informal learn of the headlines that increasingly firms are falling foul of ransomware assaults, and that the cybercriminals are discovering it far too straightforward to realize an preliminary intrusion into companies from which they’ll launch their assault.
One hopes that companies are placing as a lot effort into hiring the expertise to defend their networks, as ransomware gangs seem like placing into recruiting pentesters who will open the door for assaults.
Editor’s Notice: The opinions expressed on this and different visitor creator articles are solely these of the contributor and don’t essentially mirror these of Fortra.
