A couple of security stories worth talking about too.
I’ve talked about how cybercrime groups run like professional organizations. How much can you earn? Well, In a new report by Kaspersky, which analyzed 200,000 job ads posted on 155 dark websites between March 2020 and June 2022, hacking groups and APT groups seek to hire mainly software developers (61% of all ads), offering very competitive packages to entice them.
The highest-paying job seen by Kaspersky’s analysts included a monthly salary of $20,000, while ads for capable attack specialists topped $15,000/per month. The median pay for IT pros ranged between $1,300 and $4,000 per month, with designers receiving the lower amounts and reverse engineers being positioned at the higher end of the median pay spectrum. In some cases (8%), the remote workers would be offered paid vacation and sick leave, which shows that some dark web employers care about making their proposals as attractive as possible.
Microsoft Security Intelligence released some data about the groups they are tracking — More than 100 different cyber-criminal gangs are actively conducting ransomware attacks, deploying over 50 other ransomware families in campaigns that see them encrypt networks and demand a ransom payment for the decryption key.
And in public service announcements, the FBI encourages communicating with them about breaches. FBI director Christopher Wray estimated that only 20% of Hive’s victims reported potential issues to law enforcement during the bureau’s seven-month operation.
Why do we care?
Two hundred and forty thousand dollars is an excellent salary. It comes with benefits! Just one more data point in recognizing the opposition.
I wanted to focus again on the FBI reporting – you don’t even know what is happening behind the scenes, and just one more reason to report. The FBI was actively helping victims by giving them keys. Why wouldn’t you report?