How IT jobs and recruiting on the dark web might trick you

1 year ago AndyC

A
new
Kaspersky
report
sheds
light
on
why
some
tech
pros
look
for
jobs
on
the
dark
web
and
how
to
spot
suspicious
and
likely
illegal
positions
from
recruiters
in
that
environment.

How IT jobs and recruiting on the dark web might trick you

A
new
Kaspersky
report
sheds
light
on
why
some
tech
pros
look
for
jobs
on
the
dark
web
and
how
to
spot
suspicious
and
likely
illegal
positions
from
recruiters
in
that
environment.

the dark web
Image:
cendeced/Adobe
Stock

IT
professionals
are
actively
recruited
on
the
dark
web
with
job
ads
that
are
often
similar
to
legitimate
ones
from
regular
recruitment
websites.
According
to

Kaspersky’s
new
research,
this
tech
job
recruiting
environment
is
only
an
illusion

legal
jobs
are
rare
on
the
dark
web.

Jump
to:

Why
are
some
IT
pros
looking
for
jobs
on
the
dark
web?

The
number
of
ads
offered
on
the
dark
web
as
collected
by
Kaspersky
on
155
different
dark
web
forums
from
January
2020
to
June
2022
is
close
to
200,000,
with
peaks
during
the
COVID-19
pandemic
in
2020.

Some
reasons
that
might
prompt
someone
to
look
for
a
new
job
on
cybercriminals
forums,
even
when
considering
the
risks
of
being
caught
by
law
enforcement,
are:

  • Getting
    laid
    off.
  • Pay
    cuts.
  • Lack
    of
    education
    requirements.
  • A
    military
    service
    record.
  • A
    criminal
    record
    that
    might
    prevent
    them
    from
    working
    in
    a
    particular
    area
    of
    expertise.

Sadly,
some
people
are
also
unaware
of
the
consequences
of
such
illegal
jobs
and
do
not
think
they
might
be
prosecuted.

How
recruiting
on
the
dark
web
usually
works

Employers
on
the
dark
web
market
rely
on
test
assignments
to
recruit
skilled
people.
Some
ads
are
more
specific
about
the
tests
and
allow
checking
the
required
level
(Figure
A);
people
are
often
paid
to
take
these
tests.


Figure
A

Image:
Kaspersky.
Translated
job
ad
selection
procedure.

Employers
also
do
interviews,
and
a
few
job
offers
mention
a
probationary
period.
One
unusual
requirement
is
that
only
people
without
addictions
will
be
selected.

To
attract
profiles,
dark
web
recruiters
mention
advantages
such
as
remote
working,
full-time
employment
or
flexible
schedules.
Yet
people
could
fall
prey
to
cybercriminal
organizations
such
as

FIN7,
whose
managers
do
not
hesitate
to
threaten
their
employees
who
did
not
appear
at
work
enough
or
thought
of
leaving
the
criminal
organization.

Most
recruited
tech
job
roles
on
the
dark
web

Developers
are
in
the
most
demand
in
this
environment,
followed
by
attack
specialists
(Figure
B).


Figure
B

Image:
Kaspersky.
Dark
web
jobs
are
advertised
across
specializations.

Threat
actors
are
especially
looking
for
these
tech
professionals:

  • Malware
    developers,
    since
    most
    attacks
    use
    malware
    to
    compromise
    companies
    or
    exfiltrate
    data
    for
    example.
  • Penetration
    testers
    who
    help
    malware
    developers
    by
    debugging
    malware
    and
    helping
    improve
    anti-security
    measures.
  • Attack
    specialists
    who
    are
    able
    to
    perform
    the
    initial
    intrusion
    on
    the
    target
    and
    extend
    it
    inside
    the
    network.
  • Reverse
    engineers
    for
    reversing
    tools,
    creating
    derived
    ones
    or
    analyzing
    code
    that
    needs
    to
    be
    targeted.
  • IT
    administrators
    to
    configure
    and
    maintain
    the
    group’s
    IT
    infrastructure
    and
    make
    sure
    it
    is
    anonymized
    and
    running.
  • Designers
    who
    create
    fake
    websites
    and
    phishing
    emails.
  • Analysts
    who
    gather
    information
    on
    the
    targeted
    companies
    and
    provide
    useful
    information
    to
    help
    launch
    the
    attack.

Median
salaries
for
these
jobs
on
the
dark
web

The
salaries
for
these
jobs
vary
depending
on
the
invested
effort
and
the
experience.
Salaries
are
often
paid
via
cryptocurrency.
While
the
salary
range
varies
from
$200
to
$20,000
per
month,
median
salaries
show
that
it
is
rare
to
find
such
high
pay
(Figure
C).
Kaspersky’s
research
reveals
that
contrary
to
popular
belief,
cybercriminals’
jobs
are
not
paid
significantly
more
than
legitimate
jobs.


Figure
C

Image:
Kaspersky.
Median
monthly
salaries
across
specializations.

How
to
spot
a
suspicious
job
offer
from
the
dark
web

Some
jobs
ads
on
the
dark
web
do
look
similar
to
legitimate
postings,
so
users
should
always
be
careful
if
they
decide
to
follow
up
on
a
posting.
When
you’re
talking
to
the
recruiter,
it
will
likely
be
obvious
that
something
is
wrong
with
the
offer.
Here
are
red
flags
to
watch
with
such
job
offers.

  • A
    real
    employer
    provides
    a
    full
    identity
    that
    can
    be
    verified.
  • A
    real
    employer
    offers
    a
    real
    contract
    and
    generally
    does
    not
    pay
    in
    cryptocurrency.
  • A
    real
    employer
    can
    provide
    legal
    documents
    to
    prove
    the
    existence
    of
    a
    company,
    depending
    on
    the
    country
    where
    the
    company
    is
    built,
    which
    seems
    hard
    to
    provide
    for
    a
    cybercriminal
    threat
    actor.


Read
next:

Mobile
device
security
policy
(TechRepublic
Premium)

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

More Stories

US AI Experts Targeted in SugarGh0st RAT Campaign

US AI Experts Targeted in SugarGh0st RAT Campaign

2 days ago AndyC
A Human-Centric Security Approach, Supported by AI

A Human-Centric Security Approach, Supported by AI

2 days ago AndyC
Black Basta Ransomware Struck More Than 500 Organizations Worldwide

Black Basta Ransomware Struck More Than 500 Organizations Worldwide

2 days ago AndyC
Get on Cybersecurity Certification Track With 5 Off These Courses

Get on Cybersecurity Certification Track With $145 Off These Courses

2 days ago AndyC
<div>Restore Damaged Files & Save Your Business for Only </div>

Restore Damaged Files & Save Your Business for Only $50

2 days ago AndyC
Proofpoint Among First in Enterprise Archiving Industry to Achieve PCI Compliance Attestation

Proofpoint Among First in Enterprise Archiving Industry to Achieve PCI Compliance Attestation

3 days ago AndyC

You may have missed

Healthcare firm WebTPA data breach impacted 2.5M individuals

Healthcare firm WebTPA data breach impacted 2.5M individuals

3 hours ago AndyC
Security Affairs newsletter Round 472 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 472 by Pierluigi Paganini – INTERNATIONAL EDITION

9 hours ago AndyC
North Korean Kimsuky used a new Linux backdoor in recent attacks

North Korean Kimsuky used a new Linux backdoor in recent attacks

9 hours ago AndyC
AI's Energy Appetite: Challenges for Our Future Electricity Supply

AI’s Energy Appetite: Challenges for Our Future Electricity Supply

9 hours ago AndyC
Chinese Nationals Arrested for Laundering Million in Pig Butchering Crypto Scam

Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam

9 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.