In recent years, job postings in the software and IT sectors have become commonplace, with companies constantly searching for skilled professionals to fill various technical roles. However, a concerning new trend has emerged, showing the increasing professionalization of cybercrime: hacking groups, particularly those operating from Russia, have begun posting direct job advertisements online. These ads seek to recruit penetration testers (pen testers), signaling a disturbing shift in the sophistication of cybercriminal operations.
Malware distributors such as Apos, Lynx, and Rabbit Hole—well-known groups in the world of cybercrime—are now actively advertising job openings that require expertise in penetration testing. These roles, typically sought by legitimate businesses looking to strengthen their network security, are now being co-opted by cybercriminals looking to exploit vulnerabilities in their victims’ systems. Penetration testing, which involves simulating cyberattacks to identify and fix security weaknesses, is a valuable skill that enables attackers to more effectively infiltrate networks.
Penetration Testers Wanted: A New Kind of Cybercrime Recruitment
In the first week of November 2024, several job posting platforms were found to be listing vacancies specifically targeting penetration testers. The job descriptions had unusual requirements, such as fluency in Russian and familiarity with various dark web data leak forums. These platforms, which have traditionally served as gateways to legitimate employment opportunities, are now becoming channels for illicit activities. According to these postings, pen testers would be required to perform tasks aimed at identifying and exploiting weaknesses in target networks, providing hacking groups with the skills needed to breach systems with greater efficiency.
A penetration tester, or ethical hacker, is a professional who attempts to hack into a network to find vulnerabilities before malicious hackers can exploit them. While this role is crucial for cybersecurity in legitimate businesses, the same skill set is being increasingly sought by cybercriminals, who are using these professionals to carry out illicit cyberattacks.
Cato Networks Discovers the New Trend in Cybercrime
The disturbing trend was first detected by Cato Networks, a cybersecurity firm based in Israel. Their discovery was published in the Q3 2024 Cato CTRL SASE Threat Report, which not only highlighted the growing trend of cybercriminals recruiting pen testers but also pointed to another rising threat in the cybercrime landscape: the illegal use of artificial intelligence (AI) for fraudulent activities, often referred to as “Shadow AI.”
According to Cato Networks, the penetration tester positions being advertised by these hacker groups are being filled in an anonymous manner. Prospective candidates are hired via online platforms, with most communication taking place in encrypted environments such as TOR and Telegram. These anonymous channels allow the hackers to discreetly connect with potential recruits from around the world, ensuring that their activities remain hidden from law enforcement.
The Growing Threat of Shadow AI
In addition to the troubling rise of pen tester recruitment, Cato Networks’ report also raised concerns about the increasing use of Shadow AI. This term refers to the illegal use of AI technologies and tools to perpetrate cybercrime. A key example of Shadow AI is the rise of “deepfakes,” where AI is used to manipulate audio and video content, making it appear as though someone is saying or doing something they never did. This technology is being exploited by cybercriminals to spread disinformation, commit fraud, or damage reputations.
The report emphasizes the potential dangers of Shadow AI, noting that it has become an integral tool in the cybercriminal toolkit. As AI technologies become more accessible, the possibilities for their misuse in criminal activities continue to expand, creating a need for greater vigilance from both the public and private sectors.
Law Enforcement Takes Action: A Global Response
While the rise of cybercrime poses significant challenges, there is some good news: law enforcement agencies around the world are beginning to take notice and are deploying specialized tools to combat these growing threats. Agencies such as the FBI and Europol are now closely monitoring these emerging trends, focusing particularly on the hiring of pen testers by hacking groups and the illegal use of AI.
In fact, Operation Cronos—a large-scale effort led by Europol in collaboration with law enforcement agencies worldwide—serves as a prime example of the proactive steps being taken to combat cybercrime. This operation demonstrated that law enforcement agencies are actively surveilling cybercriminal activity, tracking down individuals involved in these illegal networks, and dismantling them before they can cause significant damage.
The FBI, in particular, has made substantial efforts to keep track of cybercriminal operations, leveraging advanced tools and techniques to identify and monitor criminal groups. Once law enforcement agencies receive credible tips or intelligence, they quickly move to monitor the suspects and, in many cases, catch them in the act.
Conclusion: The Need for Vigilance in an Evolving Cyber Threat Landscape
The increasing professionalization of cybercrime, as evidenced by the recruitment of pen testers by Russian hacking groups, is a stark reminder of the ever-evolving nature of cyber threats. As criminal organizations adopt more sophisticated methods, it becomes even more critical for both public and private sectors to remain vigilant and proactive in their defense strategies.
While the efforts of law enforcement are commendable, the rise of Shadow AI and the growing demand for specialized skills such as penetration testing by criminal groups highlight the need for greater collaboration, improved cybersecurity awareness, and enhanced international cooperation. The fight against cybercrime is a continuous one, but with concerted effort and vigilance, there is hope that these criminal activities can be thwarted before they can inflict lasting damage on society.
