Kaspersky experts analyzed around 200.000 job advertisements on the dark web. The result: in the years 2020 to 2022, developers, attackers and designers were among the most sought-after profiles in the cybercrime community. Salary: up to $4.000 per month.
The requirements, and thus the desired skills, included creating malware and phishing sites, compromising corporate infrastructure, and hacking web and mobile applications. The average salary offered for these types of "IT professionals" ranged from $1.300 to $4.000 per month.
200.000 job postings on 155 dark web forums
🔎 Attack group coordination diagram (Image: Kaspersky).
According to a Kaspersky analysis, between January 2020 and June 2022 around 155 job advertisements were published in 200.000 Dark Web forums. The Kaspersky experts specifically analyzed 800 of the IT-related job offers that contained information about long-term or full-time positions and selected over 160 from them that explicitly named a salary, although clients on the dark web usually only provide rough salary figures. Average compensation for IT professionals has ranged from $1.300 to $4.000 per month.
The highest monthly salary Kaspersky experts saw in the ads was $20.000 – for a developer; the lowest salary was only $200. Some of the dark web job ads also promised bonuses and commissions from successful projects, such as extorting ransom money from a compromised organization.
Developers, attackers and designers are particularly in demand
The following positions are most commonly searched for on the dark web:
- Developers (61 percent): Within this profession, the highest demand (about 60 percent of these ads) was for web developers who create various web content such as phishing sites. They also wanted malware programmers who could create Trojans, ransomware, stealers, backdoors, botnets and other types of malware, and create and modify attack tools.
- Attackers — or IT professionals capable of attacking networks, web applications, and mobile devices (16 percent): These wanted profiles are similar to a legitimate penetration tester, but are mostly designed to compromise corporate infrastructure with the aim of infection with ransomware or to directly steal data or money.
- Designers (10 percent): These typically create malicious products, such as phishing websites or emails, that are difficult to distinguish from the genuine content.
Other positions to be filled included administrators (6 percent), reverse engineers (4 percent), analysts (2 percent), and testers (1 percent).
Strong “illegal” offers
"What initially seems serious is nevertheless primarily a thoroughly illegal activity that is being pursued by law enforcement agencies," explains Christian Funk, head of the Global Research and Analysis Team (GReAT) in the DACH region at Kaspersky. “The Dark Web functions, among other things, as an ecosystem for cybercriminal activity; there, as in the free, legal market, the principle of supply and demand prevails. This can also be seen in the recruiting area. As with conventional job platforms, job advertisements and job applications are posted there – including the requirement profile and range of activities.”
More at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/