Kaspersky Lab experts found out the current state of the global recruitment market on the dark web, and also analyzed the purposes for which attackers can hire employees from the IT sector. Experts studied 155 Russian and English forums on the darknet and selected more than 800 job search and job postings for analysis.
According to the results of the study, messages from potential candidates turned out to be significantly less than announcements with vacancies: the share of resumes was 17%. This is probably due to the fact that applicants respond more actively to published vacancies than leave information about themselves.
Developers. Such IT specialists are most often searched for on the dark web (61% of ads). They also topped the list of the most paid. The most demanded specialization in the field of programming is web development. It accounted for 60% of all ads for the search for programmers. In the illegal field, such people are also involved in the creation of phishing pages. They can also be involved in the development of shadow forums, marketplaces and administrative panels to implement the Malware-as-a-Service model (malicious software as a service). They are also actively looking for virus writers. Their tasks include the creation of malware - Trojans, ransomware, stealers, backdoors, botnets, as well as the development and modification of tools for attacks.
Attack Specialists. Their share is 17% of the total number of proposals. Most of the vacancies are related to hiring to compromise the infrastructures of organizations (network attacks). The goals of hacking can be different: infection with encryption programs, theft of data, or theft of money from accounts. Attackers are also hired to hack web and mobile applications.
Designers. A tenth of all vacancies are associated with this specialization. On the black market, such specialists participate - together with web developers - in the creation of phishing pages and letters, scam sites. Their task is to make a fake indistinguishable from the original. Also in demand are UI / UX - and graphic designers.
Administrators. Several dozens of discovered vacancies (6% of the total number) are associated with the selection of these IT specialists. Among them, more than half is the search for system administrators. Less often, DevOps, web and NOC administrators are hired. These people are required to set up and maintain the infrastructure of the attackers, as well as manage the already compromised networks of the victims. The administrator's tasks may include server maintenance, installation of panels, purchase of hosting, creation of proxy servers.
Reverse engineers. The share of such vacancies is 4%. These professionals had the highest median wages. Among the tasks of reverse engineers is the search and exploitation of unknown vulnerabilities in hardware or software. They can also analyze security solutions and monitor security updates to find ways around them. Probably, the small volume of proposals for reverse engineers is due to the fact that developers can combine this direction with the main field of activity.