Criminals rely on various methods to spread and deploy their malicious software across targeted networks. Over the last couple of years, we have seen the criminal elements of the internet community rely on social media platforms and instant messaging services to achieve distribution. A recent investigation from Cyberint and the Financial Times revealed criminals have been using Telegram's messaging service for the same purpose.
We have known about it for the last two years. We have been aware of the use of Telegram to buy, sell, and distribute the compromised data and malware tools for some time now. Telegram's excellent encryption and privacy features make it an almost perfect alternative to what many call the "Dark web".
In a recent public posting, Tal Samara at Cyberint posted, "We have recently been witnessing a 100% rise in Telegram usage by cybercriminals. Its encrypted messaging service is increasingly popular among threat actors conducting their fraudulent activity and selling stolen data as it is more convenient to use than the dark web."
This is not surprising in the slightest. In a world with increasing demands for surveillance from governments, entities with reasons to hide their communications will always move to the best platform. While this is a strong vote of confidence for the Telegram platform, what can be done to limit potential damage?
Preventing Data Leakage through Telegram
Criminals are always going to look for the easiest way to move data, so block web.telegram.org. There are numerous ways to achieve this, either through a proxy filter or by creating fake DNS records that direct web.telegram.org to an internal address.
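Once the fake DNS record is in place, the resolver's query log shows whether it is actually being served and which hosts are still asking for the name. The script below is an added example, not part of the original article. It assumes dnsmasq with log-queries enabled as the internal resolver and 10.0.0.53 as the internal address, and the log lines are constructed sample data.

```python
import re
from collections import Counter

BLOCKED = "web.telegram.org"   # hostname the article says to block
SINKHOLE_IP = "10.0.0.53"      # assumption: internal address the fake record points to

# Constructed dnsmasq log-queries lines (not real traffic). Resolver pid 812 has
# the fake record; pid 977 stands for a second resolver that was never updated.
SAMPLE_LOG = """\
Jul 10 09:14:01 dnsmasq[812]: query[A] web.telegram.org from 10.20.1.15
Jul 10 09:14:01 dnsmasq[812]: config web.telegram.org is 10.0.0.53
Jul 10 09:14:01 dnsmasq[812]: query[AAAA] web.telegram.org from 10.20.1.15
Jul 10 09:14:01 dnsmasq[812]: config web.telegram.org is NODATA-IPv6
Jul 10 09:15:40 dnsmasq[812]: query[A] example.com from 10.20.1.15
Jul 10 09:15:40 dnsmasq[812]: forwarded example.com to 192.0.2.53
Jul 10 09:15:40 dnsmasq[812]: reply example.com is 198.51.100.7
Jul 10 09:20:12 dnsmasq[977]: query[A] web.telegram.org from 10.20.3.77
Jul 10 09:20:12 dnsmasq[977]: forwarded web.telegram.org to 192.0.2.53
Jul 10 09:20:12 dnsmasq[977]: reply web.telegram.org is 203.0.113.10
"""

QUERY = re.compile(r"query\[\w+\] (\S+) from (\S+)")
ANSWER = re.compile(r"\b(?:config|reply|cached) (\S+) is (\S+)")

def is_blocked(name):
    """True for the blocked hostname or any name beneath it."""
    name = name.rstrip(".").lower()
    return name == BLOCKED or name.endswith("." + BLOCKED)

def audit(log_text, sinkhole=SINKHOLE_IP):
    """Return (clients, leaks): who asked for the blocked name, and any
    answer for it that was a real record instead of the sinkhole address."""
    clients, leaks = Counter(), []
    for line in log_text.splitlines():
        m = QUERY.search(line)
        if m:
            if is_blocked(m.group(1)):
                clients[m.group(2)] += 1
            continue
        m = ANSWER.search(line)
        if m and is_blocked(m.group(1)):
            answer = m.group(2)
            # Empty answers (NODATA/NXDOMAIN) hand the client nothing usable.
            if answer != sinkhole and not answer.startswith(("NODATA", "NXDOMAIN")):
                leaks.append((m.group(1), answer))
    return dict(clients), leaks

if __name__ == "__main__":
    clients, leaks = audit(SAMPLE_LOG)
    print("clients asking for", BLOCKED, "->", clients)
    print("answers that bypassed the sinkhole ->", leaks)
```

A resolver log only covers hosts that use that resolver, which is why the proxy filter is worth running alongside the DNS record.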
This, of course, is just one step in what is an incredibly difficult puzzle to solve. Over the coming weeks, we will be posting a lot more about preventing data leakage and what can be done to hinder it. Stay tuned.