More people are seeking to pursue courses that enhance their hacking skills, lured by huge extortion sums and joblessness, a new report shows dealing a blow to the global cybercrime war.
Worldover, Kaspersky’s Digital Footprint Intelligence (DFI) study on the net job market shows a spike in demand for training in web development, cyberattack, and design.
Those signing up for training are taught how to create malware and phishing pages, compromise corporate infrastructure and hack companies' web and mobile applications, among other skills that inflict organisations millions of losses.
The trainers earn between Sh161,915 and Sh498,200 per month, signalling how lucrative the net job market has become.
Between January 2020 and June 2022, the Kaspersky DFI team established that more than 155 people were employed long-term to offer training.
Roughly 200,000 employment-related ads were posted on the web during the period analysed.
“Forty-one percent of ads were posted in 2020, with activity peaking in March – possibly because of a pandemic-related income drop experienced by part of the population,” reads the report.
“The highest median salary of Sh489,200 could be found in ads for reverse engineers,” adds the report.
Some of the web job ads included bonuses and commissions from successful projects, such as extorting a ransom from a compromised organisation.
The highest monthly salary quoted in the ads was Sh2.49 million which was awarded to a developer, making them the most in-demand specialists on the web.
They create various internet products like phishing pages which are designed to look like genuine pages run by organisations, but in reality, they harvest users' information.
Also valued were malware coders whose job description can include the development of Trojans, ransomware, stealers, backdoors, botnets, and other types of malware, along with the creation and modification of attack tools.
Attackers or IT specialists who conduct attacks on networks, web applications, and mobile devices were the second most popular jobs among cybercriminal employers, accounting for 16 percent of the total ads.
Most of the attackers’ jobs on the web are associated with actions that would compromise corporate infrastructure.
The goals of these actions are ransomware infection, data theft, or stealing cash directly from accounts.
Some cybercriminal groups hiring attackers were focused on selling access to compromised systems to other cybercriminals or hacking web and mobile applications.
Fredrick Wahome, the vice-president of Kenya Cybersecurity and Forensics Association, says the increase in the number of people pursuing such professions is both positive and negative.
Unemployment, lack of integrity, shortage of technical skills, and easy access to IT tools are some of the reasons Mr Wahome believes are behind the rise in demand for net skills.
He says the trend is concerning as the web is used for illicit and even illegal purposes such as facilitating buying and selling of illegal drugs, weapons, passwords, and stolen identities, as well as human trafficking.
What should Kenya do to discourage the growth of web jobs?
Mr Wahome says the government must address the unemployment problem as well as the lack of integrity.
“You can't just sit back and fold your arms. If such people see that they are unable to settle their bills, they will opt to use their skills to get money,” says Mr Wahome.
“If such people see a lucrative deal, they forget their ethics and go for the deal. This is why online attack and hacking has become a norm,” he adds.
To counter the trend in Kenya, Mr Wahome recommends the training of people who can provide defence skills in the online space.
“Nowadays, tracking cybercriminals’ interests and continuous analysis of their activities is vital for companies that want to proactively respond to cyberattacks and keep their information security at the highest level. The more you know about your adversary – the better you are prepared,” advises Polina Bochkareva, security services analyst at Kaspersky.