A disturbing new trend shows the increasing professionalization of cybercrime, with hacking groups in Russia actively advertising job openings for pen testers. These positions require expertise in penetration testing, which checks identified vulnerabilities and helps attackers to infiltrate networks more efficiently. In the first week of November 2024, several job posting platforms were found to be listing vacancies for pen testers. Cybersecurity firm Cato Networks highlights that the hackers are filling these advertised positions in an anonymous manner via online platforms, with most communication taking place in encrypted environments such as TOR and Telegram.
The Cato CTRL SASE Threat Report revealed how cybercriminals are increasingly using Shadow AI, a term that refers to the illegal use of AI technologies and tools in cybercrime activities. The report emphasizes the potential dangers of Shadow AI, which has become an integral tool in the cybercriminal toolkit, as the possibilities for their misuse in criminal activities continue to expand.
Law enforcement agencies are closely monitoring these emerging trends globally, focusing on the illegal use of AI and the hiring of pen testers by hacking groups. Operation Cronos, a large-scale effort led by Europol in collaboration with other law enforcement agencies, serves as a prime example of proactive steps being taken to combat cybercrime. Even the FBI is working on this issue, monitoring suspects (in many cases, catching them in the act) using advanced tools and techniques.
The increasing professionalization of cybercrime, reflected in hiring pen testers by Russian hacking groups, serves as a reminder of the ever-evolving nature of cyber threats. Therefore, both the public and private sectors should remain vigilant and proactive in their defense strategies.
The rise of Shadow AI and the growing demand for specialized skills such as penetration testing by criminal groups highlight the need for enhanced international cooperation, and improved cybersecurity awareness, as cybercrime continues to pose a significant threat.