Kaspersky: cybercrime vacancies are increasingly similar to legitimate ICT vacancies
Malware developers can usually earn around $4,000 a month as a programmer. Kaspersky analyzed various vacancies for ransomware and cybercrime gangs and saw that the median salary is around that amount. Vacancies seem to be becoming more and more professional.
Security company Kaspersky viewed during an investigation 867 job openings, spread across 155 dark web forums. It does not explicitly state that it concerns positions such as cybercrime programmers, but Kaspersky makes that assumption because the vacancies are shared on forums where hackers meet. Kaspersky looked at vacancies in the period from January 2020 to June 2022 to spot trends. In total, the company saw 200,000 posts in which job-related terms such as ‘resume’ or ‘salary’ were used.
The number of job vacancies on cybercrime forums skyrocketed in March 2020. Kaspersky believes this is due to the pandemic and the subsequent job loss for many programmers. According to the security company, many vacancies come from hacker groups and advanced persistent threats that are looking for developers to write malware code, but also to manage IT infrastructure. Designers are requested in a smaller proportion of the vacancies. Sometimes it also involves admins for Telegram channels or websites, testers, analysts and programmers who can reverse engineer. Of the 867 posts Kaspersky viewed, 638 were job openings and 229 were posts from job seekers who posted their resumes.
According to Kaspersky, the cybercriminals try to recruit programmers with attractive working conditions. For example, at least half of the vacancies would explicitly offer working from home as an employment condition. A full-time appointment and a flexible work schedule would also be common conditions.
In terms of salary, the criminals offer a median compensation of between $1,300 and $4,000. The salary then strongly depends on the position. Developers and attackers usually get $2,000 or $2,500, but for a reverse engineer, Kaspersky says that amount could be as high as $4,000. Usually the vacancy lists dollar prices, but in practice the gangs pay out in crypto currency. Also, much of the compensation often depends on the success of the surgery. For some developers, the salary can exceed $20,000 per month.
The amounts seem relatively low compared to the average salaries in Western countries, but the forums often advertise in Russian and probably also attract many Russian hackers. While you would expect dark web jobs to pay better than legitimate jobs, we saw no significant difference in compensation between the cybercrime ecosystem and the legitimate job market.
Kaspersky also saw that many job openings require a test assignment. In some cases, this is also paid for. The company describes a vacancy in which criminals ask for a dll file to be encrypted in such a way that antivirus packages cannot pick it up.