Developers, attackers and designers topped the list of the most demanded IT professionals on the Darknet

Kaspersky’s Digital Footprint Intelligence team studied the darknet job market. After analyzing 200,000 employment ads 2020-2022, the experts found developers, attackers and designers were the most sought after professions in the cybercriminal community. Based on Digital Footprint Intelligence, job requirements included creating malware and phishing pages, compromising corporate infrastructure, hacking web and mobile applications, and other responsibilities. The median levels of pay offered to IT professionals varied between $1,300 and $4,000 per month.

The Kaspersky Digital Footprint Intelligence (DFI) team reviewed job ads and resumes posted on 155 dark web forums between January 2020 and June 2022, analyzing those containing information about long-term or full-time jobs. According to DFI service data, a total of roughly 200,000 employment-related ads were posted on the dark web during the period analyzed. Forty-one percent of ads were posted in 2020, with activity peaking in March – possibly because of a pandemic-related income drop experienced by part of the population.

Monthly posting dynamics for ads seeking and offering jobs on dark web job forums in 2020–2022

Kaspersky experts analyzed more than 800 IT job ads on the dark web and selected more than 160 of the ones explicitly cited a salary, although dark web employers typically state rough salary figures. The median levels of pay offered to IT professionals varied between $1,300 and $4,000 monthly. The highest median salary of $4,000 could be found in ads for reverse engineers.

Job Median monthly salary
Attacker $2,500
Developer $2,000
Reverse engineer $4,000
Analyst $1,750
IT administrator $1,500
Tester $1,500
Designer $1,300

Median monthly IT salaries on the dark web

The highest monthly salary Kaspersky experts saw in the ads was $20,000 – awarded to a developer. The lowest fee offered was just $200. Some dark web job ads included bonuses and commissions from successful projects, such as extorting a ransom from a compromised organization.

Developers, attackers and designers topped the list of the most demanded dark web jobs

Developers were the most in-demand specialists on the dark web: this specialty accounted for 61% of all ads. Within this specialty, web developers, who create various internet products like phishing pages, was most sought after accounting for 60% of these ads. Also valued were malware coders. This job description can include development of Trojans, ransomware, stealers, backdoors, botnets, and other types of malware, along with the creation and modification of attack tools.

Distribution of dark web job ads across specializations

Attackers – or IT specialists who conduct attacks on networks, web applications and mobile devices – were the second most popular jobs among cybercriminal employers, accounting for 16% of the total ads. The closest approximation to a legitimate profession of this job is penetration tester. Most of the attackers’ jobs on the dark web were associated with actions that would compromise corporate infrastructure. The goals of these actions are ransomware infection, data theft, or stealing cash directly from accounts. Some cybercriminal groups hiring attackers were focused on selling access to compromised systems to other cybercriminals, or hacking web and mobile applications.

Designers were the third most professionals in demand with 10% of ads. Their goal usually is to make a malicious product, such as phishing page or letter that would be hard to distinguish from the real one.

Darknet employers also look for IT administrators, reverse engineers, analysts, testers and other less common IT jobs – various kinds of engineers and architects, support specialists, technical writers, forum moderators, and even executives and project managers.

Example of a job ad for a reverse engineer

“IT headhunting is one of the numerous topics which is constantly discussed on the Darknet. Nowadays, tracking cybercriminal’s interest and continuous analysis of their activities is vital for companies that want to proactively respond to cyberattacks and keep their information security at the highest level. The more you know about your adversary – the better you are prepared”, said Polina Bochkareva, Security Services Analyst at Kaspersky.

LEAVE A REPLY

Please enter your comment!
Please enter your name here