Hacker gangs often operate like businesses - they have salaries, working hours, clients and employees. To compete in a growing market, they are constantly looking for new talent with better skill sets, and they often use the same methods as legitimate tech companies and startups. The main difference is that cybercriminals do it in the hot spot of illegal business - on the dark web. In a new study by Kaspersky, researchers analyzed about 200,000 full-time job postings and CVs on 155 darknet forums from January 2020 to June 2022 to find out how the covert cybercrime labor market operates. Most jobs posted on the dark web are illegal, such as stealing confidential data or selling drugs for profit on scam websites. People often go to the dark web tempted by easy money and big profits, which in fact are rarely higher than those offered by legal companies, according to Moscow-based Kaspersky. When there is turmoil in the global tech market, including layoffs and pay cuts, cybercrime gangs ramp up their recruitment of tech specialists. The largest number of job ads on darknet forums, 41% of the total, was posted in March 2020, when many people lost their jobs or income and were forced to stay at home due to the COVID-19 pandemic, according to Kaspersky. The impact of the pandemic and the subsequent surge in job postings on darknet websites has been particularly noticeable in Eastern Europe, where many well-known hacker groups are based. In hiring hackers, the crime groups do make some exceptions. Certain candidate requirements in the tech industry - such as higher education or a military service record - don't matter. Prior convictions, of course, aren't a concern. The gangs often do want candidates to be of legal age and free of addictions such as drugs and alcohol. Dark web jobs usually look attractive to freelancers as they are fully remote and flexible. Cybercriminals are also trying to lure potential candidates with bonuses, paid vacations and sick leaves, and even friendly staff. This is not surprising - hacker gangs are hungry for experienced personnel. Most of the ads on the dark web are posted by employers, not job seekers, according to the report. The major dark web employers, according to Kaspersky, are hacker teams and nation-state groups looking for those capable of developing and spreading malware or building and maintaining IT infrastructure. The most in-demand professionals on the dark web are developers followed by attackers and designers. The higher demand for developers could be explained by a need to create and configure new, more complex tools, the report said. The hiring process often involves test assignments, interviews and probation periods. The main difference is the absence of a legally executed employment contract. The size of the salary depends on the hacker's skills, experience and the success of the work performed. The median monthly salary of attackers is $2,500; reverse engineers, $4,000; and analysts, $1,750. The highest-paying job at the time of the study was coding, offering at least $20,000 per month. The fact that they are doing something illegal doesn't really bother the job seekers. What attracts them most is the high degree of freedom the job offers: "You can take as many days off as you want, there is no dress code, and you are free to choose any schedule, tasks, and scope of work," the research said.
This Cyber News was published on therecord.media. Publication date: Wed, 01 Feb 2023 14:10:02 +0000