Cybercrime is no longer just a hobby for tech-savvy individuals; it has now become a business. Now it has job opportunities on the dark web that offer competitive salaries, paid time off, and sick leave. The latest report by Kaspersky did an analysis of the dark web hiring of 200,000 job ads on 155 dark websites. The time for research was between March 2020 and June 2022. Reports reveal that hacking groups and APT groups are seeking to hire mainly software developers. Almost 61% of all ads want to hire developers, offering attractive packages to entice them.

Report on dark web hiring

The report shows that the highest-paying job seen by Kaspersky’s analysts included a monthly salary of $20,000. The ads for capable attack specialists topped $15,000/per month. In addition to software developers, hacking groups seek to fill other roles. These include data analysts, malware and tool developers, initial compromise actors, reverse engineers, website and phishing email designers, malware testers, and IT administrators. The median pay for IT pros ranged between $1,300 and $4,000 per month. Designers receive lower amounts, and reverse engineers get the higher end of the median pay spectrum.

One-third of the job postings offered candidates full-time employment, and an equal percentage allowed a flexible schedule. In some cases (8%), the remote workers get offers of paid vacation and sick leave. It shows that some dark web employers care about making their proposals as attractive as possible. These “employment” packages are quite competitive in contrast to similar positions in legal job markets and could attract unemployed professionals or young IT graduates who are having trouble finding a job.

However, Kaspersky warns that the risks associated with working for a dark web employer still outweigh the benefits. The absence of a legally executed employment contract relieves employers of any responsibility. A worker might not get pay, or become a victim of a fraudulent scheme. The highest volume of ads came in to light during Q1 2020. It coincides with the massive changes brought upon the workforce by the COVID-19 pandemic. A second spike was recorded between Q4 2021 and Q1 2022.

Hiring Process

The hiring process for these cybercrime jobs is not typical. As part of the hiring process, cybercriminal recruiters conduct test assignments. Tests aim to determine an applicant’s level of competency in the claimed field. In some cases, the recruiters also look into the CV or portfolio. In one out of four postings, there’s an interview session conducted with the job seeker. One job posting promised to pay candidates roughly $300 in BTC for a test assignment. Another job offer laid out a multi-step screening process. Here the candidate would be asked to encrypt a test DLL in 24 hours. Also, making it fully undetectable by AVs (max of 3 minor AV runtime detects).

As cybercrime enterprises adopt business-like operations, we will continue to see the dark web as a recruiting tool. It’s for threat actors looking for a stable income. Some software developers may see these opportunities as a lifeline during difficult times. However, it is vital to understand the potential risks of working for a dark web employer. These risks range from being victims of scams to imprisonment.