MedusaLocker, the ransomware-as-a-service (RaaS) group that has been active since 2019, is brazenly recruiting penetration testers to help it compromise more companies.
As Security Affairs reports, MedusaLocker has posted a job advert on its dark web leak site, which pointedly invites pentesters who already have direct access to corporate networks to make contact.
“If you do not have entry, please do not waste your time”
From the sound of things, MedusaLocker (which shouldn’t be confused with the similarly-named Medusa ransomware group) is primarily interested in being contacted by company insiders and initial access brokers who can help attackers gain easy access to an enterprise network.
Initial access brokers specialise in gaining unauthorised access to computer networks, and then sell their access to other cybercriminals.
They’ll often exploit human weakness by taking advantage of misconfigured or unpatched systems, or deploy phishing and social engineering attacks to infiltrate a corporate network.
The ultimate goal of the initial access broker is to sell their remote network access to other cybercriminals who will likely monetise the situation by stealing data and deploying ransomware.
Typically an initial access broker will spend time and effort seeking unauthorised access to a virtual private network, email server, or remote desktop protocol (RDP), allowing ransomware groups to free up their own time to deploy ransomware inside networks rather than attempting to break into companies themselves.
As CISA warned back in 2022, MedusaLocker attacks have relied heavily upon vulnerabilities in RDP to access victims’ networks in the past.
So, what has this to do with penetration testing?
Penetration testers (or “pentesters”) are cybersecurity professionals who use the techniques often used by cybercriminals to identify weaknesses in a company’s defences before a malicious hacker does.
They responsibly report their findings back to the company, and work with them to resolve any issues.
A legitimate pentester would undoubtedly have the skillset required to search for weaknesses in a corporate network, and perhaps gain access. But one hopes that they’d be too ethical to do so without authorisation from the company concerned.
But here we see the MedusaLocker gang practically headhunting talent from the same pool of people who are normally employed to help companies defend themselves from cyber attack.
The lines between legitimate cybersecurity work and cybercrime are once again blurring.
“Each firm will get penetration tested, whether or not they pay somebody for the pleasure,” goes an old adage in the industry.
All organisations need to be on their guard, and have layered protections in place, to prevent themselves from becoming the next ransomware statistic.
It’s clear from even the most casual read of the headlines that more and more companies are falling foul of ransomware attacks, and that the cybercriminals are finding it far too easy to gain an initial intrusion into businesses from which they can launch their attack.
One hopes that businesses are putting as much effort into hiring the talent to defend their networks as ransomware gangs appear to be putting into recruiting pentesters who will open the door for attacks.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Fortra.