While ordinary IM users chat away, cybercriminals use IM to plan heinous deeds and scams.
Instant Messaging (IM) platforms are attractive with their easy-to-use features, customizable interfaces and real-time chat services and chatbots. Cybercriminals love IM too!
In fact, recent research shows that Telegram is the IM platform of choice for cybercriminals. Threat intelligence firm IntSights found nearly 57,000 Telegram invite links shared across cybercrime forums, with well over 200,000 general mentions of the app across these forums.
Other findings:
- Threat actors are using IM platforms as an alternative black marketplace, because modern IM platforms have created a space for criminals to operate in the open while remaining undetected due to the privacy of the platforms.
- IM platforms are most often used by financial fraud communities to exchange stolen carding information, and selling or trading credit card dumps. Physical items stolen or counterfeited from retailers are also traded therein.
- Black markets and forums are often used as a marketing and sales tool where the threat actors leverage the encryption that IM platforms offers, to connect instantaneously with buyers to seal the deal within the chat services.
IntSights researchers found an increase in IM platform usage among threat actors in the period between January 2019 and January 2020. It is no surprise that cybercriminals take advantage of these easy, accessible mediums to avoid detection from the increased scrutiny of black markets and forums on the Dark Web.
The redeeming fact in the report is that law enforcement can “break” IM encryption using sophisticated algorithms and security vulnerabilities, or “by collecting frame details and digital clues that were stored in the IM servers.”
While the data itself is fully encrypted and law enforcement needs sophisticated algorithms in order to decrypt it, some countries have authorized law enforcement agencies to access the private information of their citizens if sanctioned by courts or other judicial authorities—including information that lives in IM platforms. More cooperation between technology companies and law enforcement agencies, especially in the United States, will hopefully set the benchmark for other countries to tighten IM abuse.