IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Cyber criminal groups wooing hackers with seven-figure salaries and holiday pay

Paid leave, competitive salaries, and ‘friendly team’ environments were among the benefits highlighted by dark web job ads

Cyber criminal groups have been found to be attracting hackers and tech professionals alike with white-collar employment benefits and huge salaries as high as $1.2 million.

Analysis from Kaspersky found that the spike in cyber crime over the last two years has prompted some groups to accelerate hiring to keep pace with demand.  

Researchers at the firm analysed more than 200,000 employment ads posted on dark web pages between January 2020 and June 2022.  

The result concluded that the volume of ads increased rapidly during the onset of the pandemic, surpassing an average of 10,000 ads per quarter - a figure that peaked in March 2020. 

“A total of roughly 200,000 employment-related ads were posted on the dark web during the period in question,” researchers said. “The largest number of these, or 41% of the total, were posted in 2020.”

"Posting activity peaked in March 2020, possibly caused by a pandemic-related income drop experienced by part of the population,” the security firm added. 

Dedicated 'hacker’ roles weren’t the only area in which cyber criminal groups were found to be seeking additional expertise.

Groups increasingly sought out staff to fill developer, admin, and designer positions while other in-demand roles included software engineers and network testers.  

Job ads seeking developers were the most frequent, the study revealed, accounting for 61% of the total. Similarly, developers also topped the list of the best-paid dark web-sourced IT roles, with the largest monthly salary standing at $20,000.  

Employee incentives 

Dark web job listings highlighted by Kaspersky bore similarities to an average tech sector job advert. Groups seeking new starts frequently offered a range of incentives such as holiday pay, flexible working hours, and future employee referral bonuses.  

“Employers on the dark web seek to attract applications by offering favourable terms of employment, among other things,” researchers said. “The most frequently mentioned advantages included remote work, full-time employment, and flextime.” 

“You can also come across paid time off, paid sick leaves, and even 'a friendly team' listed among the terms of employment.” 

Some groups were also found to conduct regular performance reviews, researchers found. This practice was commonplace in the Conti cyber crime group and saw employees granted bonuses based on exemplary performance or fines due to poor productivity.  

Risk and reward 

The reasoning behind some dark web users seeking roles can vary, researchers suggested. Some may be seeking alternative income streams while others may have lost jobs during the onset of the pandemic in 2020.  

“People may have several reasons for going to a dark web site to look for a job. Many are drawn by expectations of easy money and large financial gain,” researchers wrote.  

The study also noted that while some jobs advertised on the dark web offered more than what an individual could earn legally, there was little difference between the average level of IT professionals’ pay on both sides of the legal divide.

“Although dark web jobs could be expected to pay higher than legitimate ones, we did not detect a significant difference between the median levels of IT professionals’ compensation in the cyber criminal ecosystem and the legitimate job market.” 

Accelerating operations

Rik Ferguson, VP of security intelligence at Forescout, told IT Pro this research highlights the growing sophistication of cyber criminal groups and their demand for technical expertise across a range of fields. 

Related Resource

Storage's role in addressing the challenges of ensuring cyber resilience

Understanding the role of data storage in cyber resiliency

Whitepaper cover with title over a grey rectangle with header graphic and ESG logoFree Download

“For many years now, cyber crime has been a highly distributed and specialised field. One criminal gang might contract out specific requirements to independent specialists offering services such as 'crypting', escrow, money mules, coding, and many more,” he said. 

“Recently though, some of the more established and successful ransomware threat actors (LockBit for example) have hired professionals, particularly in software development, directly into their operation.”

Ferguson added that this recruitment trend could be due to a need to improve operational efficiency and maximise the impact of offensive capabilities. 

“Some of this is for efficiency, the ability to control the development of a more effective 'product' and thus recruit more affiliates to spread the ransomware,” he said. “Some of it may well be driven by competitive and confidentiality concerns around keeping their operation insulated, both from their criminal competition and from law enforcement.”

Featured Resources

Defending against malware attacks starts here

The ultimate guide to building your malware defence strategy

Free Download

Datto SMB cyber security for MSPs report

A world of opportunity for MSPs

Free Download

The essential guide to preventing ransomware attacks

Vital tips and guidelines to protect your business using ZTNA and SSE

Free Download

Medium businesses: Fuelling the UK’s economic engine

A Connected Thinking report

Free Download

Most Popular

Getting the best value from your remote support software
Advertisement Feature

Getting the best value from your remote support software

13 Mar 2023
Microsoft set to block emails from unsupported Exchange servers

Microsoft set to block emails from unsupported Exchange servers

28 Mar 2023
What the UK can learn from the rest of the world when it comes to the shift to IP

What the UK can learn from the rest of the world when it comes to the shift to IP

20 Mar 2023