World of Shadows: Telegram and Open Source - Leaders of Stealthy Attacks

The report highlights the TOP-5 most dangerous groups and their methods of penetrating corporate systems.

Critical Start has published a report on cyber threats for the first half of 2024. The document is a detailed analysis of the key trends, cyberattacks and groups that were active during the first six months of the year.

One of the report's main topics is the need to integrate active and preventive cybersecurity measures. Critical Start argues that reactive measures such as MDR solutions are not enough on their own for full protection. Instead, the company proposes a combined approach that includes cyber risk management (MCRR) and preventing incidents before they occur.

The report also focuses on the industries that were most affected by cyberattacks in the first half of 2024. The manufacturing and industrial goods sectors were attacked most often, followed by professional services, healthcare, and technology. The attacks had a serious impact on business processes and economic stability, highlighting the importance of effective protection measures.

The company's research identified the key ransomware groups: LockBit, Play, Black Basta, Akira and 8Base. These groups were responsible for more than 40% of reported ransomware and data breach incidents. Attackers' tactics and techniques continue to evolve, making them a serious threat to organizations around the world.

Most attacks occurred in the middle of the work week, with peak activity between 10:00 and 15:00 (CST). Phishing attacks were in first place among the main methods of penetration, accounting for almost 59% of all recorded incidents.

A separate section of the report is devoted to new cyber threats, such as the use of deepfake technology to carry out social engineering and BEC attacks. There is also a trend of abuse of open repositories. The report contains recommendations to mitigate risks, including blocking the Telegram API and strengthening control over clicks on advertising links.

Critical Start noted the importance of introducing advanced technologies to detect new types of threats, such as deepfakes, as well as the need for regular training of employees to increase awareness of modern social engineering methods.

Source
 
The New York Times published the results of an investigation describing Telegram as a "global channeling of criminal activity, toxic content, disinformation, sexual violence and racism". During the four-month study, journalists analyzed more than 3.2 million messages from 16 thousand channels of the messenger, revealing how widespread illegal and extremist activity is on the platform.

According to the publication, Telegram offers tools that allow criminals and scammers to organize their activities on a significant scale and evade the attention of the authorities. Despite the obvious flourishing of illegal activity, the administration of the platform did not take sufficient action to suppress it. Experts from The New York Times have identified 1500 channels related to white supremacist propaganda, which unite almost a million users around the world. Dozens of channels also advertised weapons, and some of them were seen to be active in international trade. On 22 channels with more than 70 thousand subscribers, illegal substances were advertised with delivery to more than 20 countries.

The New York Police Department's deputy commissioner for intelligence and counterterrorism, Rebecca Weiner, said that "Telegram has become the most popular gathering place for malicious actors." According to her, if someone is plotting a crime, he is likely to choose this platform for his actions.

Telegram, according to The New York Times, does not pay enough attention to requests from law enforcement agencies. According to former employees of the company, the mailbox for such appeals is rarely checked, which greatly complicates investigations. At the same time, other major social networks, such as YouTube and TikTok, have entire divisions that handle such requests, and thousands of moderators who monitor potentially dangerous content.

In fact, analysts, government officials and tech executives note, only Apple and Google, which can remove Telegram from their app stores, have been able to successfully push the platform to remove and limit the spread of malicious content. Governments have sometimes turned to the tech giants for help in forcing Telegram to act.

After The New York Times sent Telegram a list of questions, Pavel Durov, the company's founder and CEO, made the first comments. He stated that the notion of Telegram as "some kind of anarchic paradise" is not true, stressing that the company deletes millions of malicious posts and channels every day. According to Durov, the huge amount of prohibited content is explained by the fact that the platform is going through "growing pains". He noted that he personally took on the task of significantly improving the moderation system and combating illegal activity on the platform.

In a statement to The New York Times, Telegram stressed that 99.999% of the platform's users are law-abiding citizens, and despite the work still to be done, the company is actively improving its features and moderation mechanisms to better control content.

Experts believe that one of the key reasons Telegram attracts extremists and criminals is its unique functions. Unlike competitors like WhatsApp, which limit the size of groups and access to public channels, Telegram allows you to create channels and supergroups. By 2019, a group administrator could manage city-wide chat groups with up to 200 thousand users, which attracts both legitimate users and those looking for a platform for illegal activities.

Source
 