Cybercriminals Promise Millions to Skilled Black Hats: Report

Cybercriminals say they are willing to pay over a million dollars per year to individuals with network management, penetration testing, and programming skills willing to put on a black hat, a new Digital Shadows report reveals. 

Posts on Dark Web forums reveal that one threat actor is willing to pay in excess of $64,000 per month ($768,000 per year) to skilled individuals willing to help them conduct nefarious operations. The salary would go up to $90,000 per month ($1,080,000 per year) for the second year. 

Cybercrime groups looking for accomplices who can help them extort money from high-worth individuals, including company executives, lawyers and doctors, promise monthly pays starting at $30,000 per month ($360,000 per year), Digital Shadows notes in their report.

“In the past, cybercriminals were restrained by money laundering difficulties in the cyber space, but with the rise of cryptocurrencies virtually any illicit income of any size can be legalized without legal ramifications. Highly competitive salaries and other forms of remuneration in cybergangs are, however, widely spread and have been for a while already,” High-Tech Bridge CEO Ilia Kolochenko told SecurityWeek in an emailed comment. 

“These numbers also undermine the long term sustainability of commercially-motivated bug bounties. We will likely see a decline of skilled people involved in crowd security testing as they can either find a highly competitive salary in the industry, or alternatively shift to the dark side. At least their primary motivator will not be money,” Kolochenko also noted. 

For those interested in working alone, blackmail and extortion guides are available on underground forums for less than $10. Stolen credentials, admin panels, network and website access, and sensitive documentation can also be purchased on underground marketplaces. 

Extortion attempts take many forms, ranging from threatening to expose sensitive information about the victim to holding their data for ransom. One of the most popular types of activity is sextortion, where cybercriminals claim to have evidence of the victim having an affair and threaten to publicly expose them.

Digital Shadows says it observed a sample of sextortion campaigns targeting over 89,000 unique recipients with 792,000 extortion attempts from July 2018 to February 2019. The attackers could be reaping an average of $540 per victim, the report says.

The extortionist usually provides the victim with a known password that serves as “proof” of compromise, claims to have compromising evidence, and urges the victim to pay a ransom to a specified Bitcoin (BTC) address. In some cases, the criminal claims the recipient will be “killed” unless a Bitcoin demand is paid.

“Extortion is in part being fuelled by the amount of ready-made extortion material readily available on criminal forums. These are lowering the barriers to entry for wannabe criminals with sensitive corporate documents, intellectual property, and extortion manuals being sold on by more experienced criminals to service aspiring extortionists,” Digital Shadows notes. 

One extortion attempt that caught attention not long ago involved the hacking group The Dark Overlord, which attempted to sell hundreds of thousands of documents belonging to British insurance company Hiscox. Among these, the hackers claimed to have tens of thousands of documents related to the September 11 terrorist attacks.

Related: Hackers Attempt to Sell Stolen 9/11 Documents

Related: Dark Web Chatter Helpful in Predicting Real World Hacks, Firm Says