Cybercrime is a booming business. So, like any other thriving market, the masterminds behind ransomware syndicates or online scam operations need workers, too. And they aren’t just looking for other criminal hackers. Developers, administrators and designers are in high demand.
And just as the cybersecurity market is competing for the best talent, cybercriminals are also offering high salaries and perks to attract the best. Some ads boasted annual salaries as high as $1.2 million for the skilled hackers.
According to new analysis from the cybersecurity firm Kaspersky, it appears that developers are the most sought after within the cybercrime ecosystem. The company’s researchers reviewed roughly 200,000 employment-related messages posted on 155 dark web forums between January 2020 and June 2022. The number of posts peaked in March 2022, possibly because of COVID-19-related lockdowns and income reductions in multiple countries. Nevertheless, job posts — both seeking employment and listing jobs — have exceeded 10,000 per quarter, the analysis found.
Other in-demand positions included attack specialists, reverse engineers, testers, analysts, administrators and designers. Even the most sophisticated hacking crews still need help, the researchers said.
Not all job listings are for roles performing illegal work — in fact, one “well-known Russian bank” sought to hire developers while others sought candidates to develop legal IT learning courses — but even the criminal work had the mundane sort of feel of typical employment ads. Test assignments were common, the researchers said, and included steps such as encrypting files, evading anti-virus detection and being generally professional and available online.
Other parts of the listings would be familiar to normal tech job seekers, such as incentives — “with each successful assignment, you get a raise and an instant bonus” — employee referral bonuses and paid time off, and drug-free requirements. High salaries for the right candidates were available, $100,000 per month in one listing, $20,000 per month in another, but the median salary, depending on the role, ranged between $1,300 and $4,000.
Some arrangements seemed more informal: “Want a long term cooperation, hack some Chinese websites and dump the DBs for me, lets talk on xmpp,” one message read, referring to a widespread internet messaging platform.
The analysis found that some people seeking jobs seemed to simply need the money, but for others the reasons may be harder to pin down. Either way, people seeking out this kind of work may not fully understand who they’re getting involved with. “People may have several reasons for going to a dark web site to look for a job,” the researchers wrote. “Many are drawn by expectations of easy money and large financial gain. Most times, this is only an illusion.”
Additionally, the salaries are “seldom significantly higher than those you can earn legally,” the researchers wrote. “Nevertheless, unhappy with their pay, a substantial percentage of employees in the legitimate economy quit their jobs to find similar employment on the dark web market,” they wrote. “Changes on the market, layoffs, and pay cuts, too, often prompt them to look for a job on cybercrime websites.”
The post Cybercrime groups offer six-figure salaries, bonuses, paid time off to attract talent on dark web appeared first on CyberScoop.