Threat groups are increasingly leveraging popular instant messaging platforms such as Telegram and Discord to buy, sell, and exchange criminal goods, advertise products, and communicate with each other.
Much of the popularity has to do with the secure, encrypted, peer-to-peer communications available with these platforms, allowing criminals to transact business relatively openly while avoiding scrutiny from law enforcement.
The trend highlights the need for organizations to pay closer attention to malicious activity on IM channels, says Etay Maor, chief security officer at IntSights, which this week released a report based on a yearlong study of IM usage among criminals.
"Enterprises should be aware of the changes and trends in threat actor behavior," Maor says. Organizations that wish to stay ahead of the curve have to know how and where threat actors communicate. "Security is not a static 'check, we are done here' process. Enterprises have to make sure they know what the threat landscape looks like, how and what their adversaries are planning," he says.
IntSights' researchers observed a substantial increase in IM platform usage among threat actors between January 2019 and January 2020. Data pulled from the company's proprietary external threat intelligence platform and other sources showed platforms such as Telegram, Discord, and ICQ to be especially popular among criminal actors.
IntSights researchers counted more than 56,800 Telegram invite links and some 223,000 mentions of the application across cybercrime forums during the one-year period, suggesting it was the most widely used platform. It was also the most heavily discussed on non-English language forums.
However, Discord — a popular chat and IM platform among gamers — appeared to be the fast ..
Support the originator by clicking the read the rest link below.
