Developers, attackers and designers are the most sought-after professions in the cyber criminal community.
This is according to Kaspersky’s Digital Footprint Intelligence (DFI) team which studied the darknet job market and analysed 200 000 employment ads between 2020 and 2022.
Based on the DFI team’s findings, job requirements included creating malware and phishing pages, compromising corporate infrastructure, and hacking web and mobile applications.
The Kaspersky DFI team reviewed job ads and resumes posted on 155 dark web forums between January 2020 and June 2022, analysing those containing information about long-term or full-time jobs.
The median levels of pay offered to IT professionals varied between $1 300 and $4 000 monthly.
Kaspersky DFI
According to DFI service data, a total of roughly 200 000 employment-related ads were posted on the dark web during the period analysed. Forty-one percent of ads were posted in 2020, with activity peaking in March – possibly because of a pandemic-related income drop experienced by part of the population.
Kaspersky experts analysed IT jobs and selected more than 160 that explicitly cited a salary, although dark web employers typically state rough salary figures. The median levels of pay offered to IT professionals varied between $1 300 and $4 000 monthly. The best paid salaries in that range were found in ads for reverse engineers.
The highest monthly salary Kaspersky experts saw in the ads was $20 000 – awarded to a developer. The lowest fee offered was just $200. Some dark web job ads included bonuses and commissions from successful projects, such as extorting a ransom from a compromised organisation.
Most in-demand
According to Kaspersky, developers were the most in-demand specialists on the dark web: this specialty accounted for 61% of all ads.
“Within this specialty, web developers, who create various internet products like phishing pages, were most sought after, accounting for 60% of these ads. Also valued were malware coders. This job description can include development of Trojans, ransomware, stealers, backdoors, botnets, and other types of malware, along with the creation and modification of attack tools,” the company noted.
Attackers – or IT specialists who conduct attacks on networks, web applications and mobile devices – were the second most popular jobs among cybercriminal employers, accounting for 16% of the total ads. The closest approximation to a legitimate profession of this job is penetration tester. Most of the attackers’ jobs on the dark web were associated with actions that would compromise corporate infrastructure. The goals of these actions are ransomware infection, data theft, or stealing cash directly from accounts. Some cybercriminal groups hiring attackers were focused on selling access to compromised systems to other cybercriminals, or hacking web and mobile applications.
Designers were the third most sought professionals in demand, with 10% of ads calling for that role. Their goal usually is to make a malicious product, such as a phishing page or letter that would be hard to distinguish from the real one.
Darknet employers also look for IT administrators, reverse engineers, analysts, testers and other less common IT jobs – various kinds of engineers and architects, support specialists, technical writers, forum moderators, and even executives and project managers.
“IT headhunting is one of the numerous topics which is constantly discussed on the darknet. Nowadays, tracking cyber criminal’s interest and continuous analysis of their activities is vital for companies that want to proactively respond to cyber attacks and keep their information security at the highest level. The more you know about your adversary – the better you are prepared,” said Polina Bochkareva, security services analyst at Kaspersky.
Share