MedusaLocker, the ransomware-as-a-service (RaaS) group that has been energetic since 2019 is brazenly recruiting for penetration testers to assist it compromise extra companies.
As Safety Affairs experiences, MedusaLocker has posted a job advert on its darkish internet leak website, which pointedly invitations pentesters who have already got direct entry to company networks to make contact.
“If you do not have entry, please do not waste your time”
From the sound of issues, MedusaLocker (which shouldn’t be confused with the similarly-named Medusa ransomware group) is basically taken with being contacted by firm insiders and preliminary entry brokers who will help attackers achieve easy accessibility to an enterprise community.
Preliminary entry brokers concentrate on gaining unauthorised entry to pc networks, after which promote their entry to different cybercriminals.
They are going to usually exploit human weak spot by making the most of misconfigured or unpatched methods, or deploy phishing and social engineering assaults to infiltrate a company community.
The final word aim of the preliminary entry dealer is to promote their distant community entry to different cybercriminals who will almost certainly monetise the scenario by stealing knowledge and deploying ransomware.
Typically an preliminary entry dealer will spend effort and time searching for unauthorised entry to a digital non-public community, e mail server, or distant desktop protocol (RDP), permitting ransomware teams to liberate their very own time to deploy ransomware insider networks fairly than making an attempt to interrupt into firms themselves.
As CISA warned again in 2022, MedusaLocker assaults have closely relied upon vulnerabilities in RDP to entry victims’ networks up to now.
So, what has this to do with penetration testing?
Penetration testers (or “pentesters”) are cybersecurity professionals who use the methods usually utilized by cybercriminals to establish weak spot in an organization’s defences earlier than a malicious hacker does.
They responsibly report their findings again to the corporate, and work with them to resolve any points.
A professional pentester would undoubtedly have the skillset required to seek for weaknesses in a company community, and maybe achieve entry. However one hopes that they might be too moral to take action with out authorisation from the corporate concerned.
However right here we see the MedusaLocker gang virtually headhunting expertise from the identical pool of people who find themselves usually employed to assist firms shield themselves from cyber assault.
The traces between professional cybersecurity work and cybercrime are as soon as once more blurring.
“Each firm will get penetration examined, whether or not or not they pay somebody for the pleasure,” goes an previous adage within the business.
All organisations must be on their guard, and have put layered protections in place, to stop themselves from changing into the subsequent ransomware statistic.
It’s clear from even essentially the most informal learn of the headlines that increasingly firms are falling foul of ransomware assaults, and that the cybercriminals are discovering it far too straightforward to realize an preliminary intrusion into companies from which they will launch their assault.
One hopes that companies are placing as a lot effort into hiring the expertise to defend their networks, as ransomware gangs look like placing into recruiting pentesters who will open the door for assaults.
Editor’s Observe: The opinions expressed on this and different visitor writer articles are solely these of the contributor and don’t essentially replicate these of Fortra.
