New Threat Report from Cato Networks Reveals Ransomware Gangs Recruiting Penetration Testers to Improve Effectiveness of Attacks
Cato's quarterly report also highlights the dangers of shadow AI and importance of TLS inspection
TEL AVIV, Israel, Nov. 19, 2024 /PRNewswire/ -- Cato Networks, the SASE leader, today published the Q3 2024 Cato CTRL SASE Threat Report, which provides insights into the threat landscape across several key areas: hacking communities and the dark web, enterprise security and network security.
"Ransomware is one of the most pervasive threats in the cybersecurity landscape. It impacts everyone—businesses and consumers—and threat actors are constantly trying to find new ways to make their ransomware attacks more effective," said Etay Maor, chief security strategist at Cato Networks. "In the Q3 2024 Cato CTRL SASE Threat Report, we highlight a trend of ransomware gangs recruiting pen testers. We believe this is to test whether their ransomware works for future attacks."
Threat actors recruiting pen testers for ransomware affiliate programs
In closely monitoring discussions on RAMP (Russian Anonymous Marketplace), Cato CTRL has observed threat actors seeking pen testers to join various ransomware affiliate programs including Apos, Lynx and Rabbit Hole.
Any good developer knows that software needs to be tested before deploying in production environments. This is also true for ransomware gangs. They want to ensure that their ransomware can be deployed successfully against organizations.
Shadow AI lurks in the background for organizations
Shadow AI refers to the unauthorized or unsanctioned use of AI applications and tools within an organization without the knowledge or approval of IT departments or security teams. This phenomenon typically involves employees or departments adopting AI solutions independently and bypassing formal vetting processes and governance controls.
Out of the hundreds of AI applications that Cato CTRL monitors, Cato CTRL tracked 10 AI applications used by organizations (Bodygram, Craiyon, Otter.ai, Writesonic, Poe, HIX.AI, Fireflies.ai, PeekYou, Character.AI and Luma AI) and observed various security risks. The top concern is data privacy.
"Shadow AI is a major threat that has emerged in 2024," said Maor. "Organizations should be mindful of the unauthorized use of AI applications and the dangers of letting employees inadvertently expose sensitive information."
TLS attack attempts reveal TLS inspection not utilized enough
TLS inspection allows organizations to decrypt, inspect and re-encrypt traffic. However, TLS inspection can break applications and access to some domains. As such, many organizations choose to forgo TLS inspection entirely or bypass inspection for a large portion of their traffic.
Cato CTRL found that only 45% of participating organizations enable TLS inspection. Even then, only 3% of organizations inspected all relevant TLS-encrypted sessions. This leaves the door open for threat actors to utilize TLS traffic and remain undetected. Organizations must inspect TLS sessions to protect themselves. In Q3 2024, Cato CTRL found that 60% of attempts to exploit CVEs were blocked in TLS traffic. CVEs included Log4j, SolarWinds and ConnectWise.
When TLS inspection is enabled, organizations are better protected. In Q3 2024, Cato CTRL found that organizations who enabled TLS inspection blocked 52% more malicious traffic than organizations without TLS inspection.
Resources
- Download the Q3 2024 Cato CTRL SASE Threat Report.
- Read the blog from Cato CTRL.
- Visit the Cato CTRL page to learn more about Cato's threat intelligence team.
- Learn more about Safe TLS Inspection announced today, which is Cato's groundbreaking solution that enables organizations to safely and easily inspect encrypted traffic.
Methodology
The Q3 2024 Cato CTRL SASE Threat Report summarizes findings from Cato CTRL's analysis of 1.46 trillion network flows across more than 2,500 customers globally between July and September 2024.
About Cato CTRL
Cato CTRL (Cyber Threats Research Lab) is the world's first CTI group to fuse threat intelligence with granular network insight, made possible by Cato's global SASE platform. By bringing together dozens of former military intelligence analysts, researchers, data scientists, academics and industry-recognized security professionals, Cato CTRL utilizes network data, security stack data, hundreds of security feeds, human intelligence operations, AI (Artificial Intelligence), and ML (Machine Learning) to shed light on the latest cyber threats and threat actors.
About Cato Networks
Cato Networks delivers enterprise security and networking in a single cloud platform. The SASE leader creates a seamless and elegant customer experience that effortlessly enables threat prevention, data protection, and timely incident detection and response. With Cato, organizations replace costly and rigid legacy infrastructure with an open and modular SASE architecture based on SD-WAN, a purpose-built global cloud network, and an embedded cloud-native security stack.
Want to learn why thousands of organizations secure their future with Cato? Visit us at www.catonetworks.com.
Media Contact
Cato Communications
press@catonetworks.com
Share this article