How Did Telegram Become the New Darknet?


Global law enforcement continues to discover new online markets and underground forums that hackers use to host stolen digital goods, including passwords, employee personal information, and corporate secrets. Telegram, now a digital market for the criminal community and a hub for cybercriminals looking for stolen online account credentials, continues developing into the “new darknet.”

Telegram is also a popular messaging app among online privacy and security enthusiasts globally.

This article discusses the data breach at along with the growing threat of phishers and other bad actors using several threat vectors to gain access to corporate data, only to have the content available on Telegram within a matter of hours.

Global email security companies like Trustifi provide a world-class platform for clients to enable several integrated adaptive controls that help stop data breaches and prevent their content from ending up on Telegram.

Blending Legitimate Business with Illicit Activities Inside Telegram

Digital currency traders and financial service providers have recognized the value of enterprise Telegram. However, inadequate controls can lead to significant compliance risk exposure as more industries become regulated. Law enforcement agencies will set digital traps inside Telegram to stop threat actors from expanding their criminal enterprise.

Telegram’s security features, including built-in encryption and the ability to create private channels and chat groups, have led to concerns about its use for criminal activity. Law enforcement officials need help monitoring this instant messaging app and tracking the actions of shady characters selling illegal products.

Phishers and hackers have expanded their cyberattack strategies to incorporate Telegram as a darknet marketplace to sell their services, including phishing-as-a-service, along with offering phishing kits for other hackers to use.

Telegram channels and groups provide a means for criminals that eliminates the need for registration with a web host or domain service, protecting them from attacks like DDoS and reducing the need for protection against online scanners and security tools.

Why is This a Big Problem for Companies/Individuals?

Cybercriminals incorporate Telegram's messaging encryption APIs into their malicious websites and underground social networks. With access to security tools on Telegram, cybercriminal outfits often pose as legitimate tech companies offering various technical expertise while quietly committing financial fraud against their victims.

Telegram has a lower barrier to entry than the dark web. It is more accessible and easier for people to distribute and receive data. Hackers can disseminate information more efficiently through Telegram.

How did HR.Com and other Stolen Data End Up on Telegram?

Global social media sites like, Facebook, and WhatsApp continue to be attacked and exploited daily by phishers. Access to these social giants is a gold mine for hackers and phishers.

Some of the known exploits used by hackers to gain access to corporate assets include brute force attacks against user accounts, email phishing attacks, and direct access attacks against management consoles.

On September 2, 2022,, a global social media company, was exploited through its email server management console. The hackers used several techniques to gain access to the [email protected] mailbox. A brute force attack was used to guess the password. Typically, group mailboxes have a less secure password than individual user accounts.

By gaining control of the [email protected] email account, the hackers accessed contact information for employees, customers, and vendors.

The data from became available for sale on Telegram, similar to other exploited companies below.
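The brute force pattern described above (repeated failed logins against a group mailbox, then a successful one) can be detected from authentication logs. The following is an added example, not code from the original article or from any vendor; the log format, the `info@example.test` mailbox name, and the thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (assumed format: ISO time, result, mailbox, source IP).
SAMPLE_LOG = """\
2024-01-15T03:10:00 FAIL info@example.test 203.0.113.7
2024-01-15T03:10:10 FAIL info@example.test 203.0.113.7
2024-01-15T03:10:20 FAIL info@example.test 198.51.100.9
2024-01-15T03:10:30 FAIL info@example.test 203.0.113.7
2024-01-15T03:10:40 FAIL info@example.test 198.51.100.9
2024-01-15T03:10:50 FAIL info@example.test 203.0.113.7
2024-01-15T03:11:05 OK info@example.test 198.51.100.9
2024-01-15T09:00:00 FAIL alice@example.test 192.0.2.10
2024-01-15T09:00:20 OK alice@example.test 192.0.2.10
"""

WINDOW = timedelta(minutes=5)  # hypothetical sliding window
THRESHOLD = 5                  # failures inside WINDOW that count as a burst


def detect_bruteforce(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return (mailbox, kind, source_ip) alerts for failed-login bursts.

    Failures are tracked per mailbox, not per source IP, so guessing that is
    spread across several addresses still trips the threshold.
    """
    failures = defaultdict(deque)  # mailbox -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts_raw, result, mailbox, src = parts
        try:
            ts = datetime.fromisoformat(ts_raw)
        except ValueError:
            continue  # skip lines with an unparseable timestamp
        recent = failures[mailbox]
        while recent and ts - recent[0] > window:
            recent.popleft()  # drop failures that fell out of the window
        if result == "FAIL":
            recent.append(ts)
            if len(recent) == threshold:
                alerts.append((mailbox, "burst", src))
        elif result == "OK":
            if len(recent) >= threshold:
                # A login right after a burst suggests the password was guessed.
                alerts.append((mailbox, "success_after_burst", src))
            recent.clear()
    return alerts
```

A single mistyped password followed by a good login, as in the `alice@example.test` lines, produces no alert.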

What does a Hacker “Shopping Site” Look like inside Telegram?

In the screen below, the hacker, 4’4, describes themselves as a legitimate data broker and claims that all information available for sale is obtained legally.

Within the “hacker” shopping site, they are offering access to 1.5K Google business accounts, all claimed to be legitimate, for $200.00. The hacker uses direct encrypted messaging within Telegram to communicate with potential providers.

Digging deeper into the hacker site on Telegram, the shopper can see other companies that have been exploited and what user data is available for sale. Organizations also can go on Telegram to see if their company has suffered a data breach.

How can Companies Reduce the Likelihood of this Happening?

The criminal underworld continues to become more tech-savvy by using tools like Telegram to execute cyber crimes. Illicit marketplaces continue to expand globally; Telegram is only one of many dark web marketplaces. Cybercriminals will move their stolen data frequently between various dark web marketplaces to stay ahead of law enforcement.

Data protection, email security, and sound network architectures are critical for organizations to help prevent their data from ending up on Telegram. Here are a few examples of critical adaptive security controls offered by Trustifi, a global leader in cloud-based email security. Trustifi helps all organizations enable, manage, and update these controls to ensure data security with the following capabilities:

  • Multi-Factor Authentication: By requiring users to log in using more than one password or credential, this security control provides ideal protection against a brute force attack. Having layers of authentication with arbitrary systems ensures the inboxes, user accounts, and email messages become more secure.
  • Inbound Email Security: Email phishers will use various phishing techniques, including spear-phishing, whaling, and double-barrel, similar to what they could have used in the attack on HR.Com. The phishers will use AI-powered email phishing messages to lure the owner or owners of a group mailbox like [email protected] into changing their password and granting access to the box. Advanced email security solutions from Trustifi have high intelligence and mature Artificial intelligence engines with the expertise to stop complex email attacks.
  • Zero Trust Architecture: Organizations investing in Zero-Trust architectures require all administrative consoles to accept authentication and network connections only from a Zero-Trust proxy. They will drop all other connection and authentication requests. This capability could have prevented the brute force attack against HR.Com’s email server.
  • Outbound Data Loss Prevention: Embedded within email security solutions like Trustifi, Data Loss Prevention (DLP) that inspects all outbound email attachments is a critical adaptive control for organizations. With HR.Com, if the hacker planned to use the [email protected] account to send data externally, DLP through Trustifi would have blocked the message before the data breach occurred.
  • Data Tokenization: Data Tokenization has become increasingly critical for organizations needing to meet compliance obligations while preventing unauthorized access to corporate data without always encrypting emails. Tokenization is a more efficient method of protecting sensitive data, as it doesn’t add extra layers of encryption and decryption that slow communication down.
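The outbound DLP control in the list above comes down to inspecting every message part before it leaves. The following is a simplified added example, not Trustifi's implementation or code from the original article; the address-count policy, the limit, and all mailbox names are assumptions, and the sample message is constructed.

```python
import re
from email.message import EmailMessage

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
MAX_ADDRESSES = 10  # hypothetical policy: more distinct addresses means a bulk export


def count_contacts(msg):
    """Count distinct email addresses in the body and every attachment."""
    found = set()
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        # decode=True undoes base64/quoted-printable transfer encoding.
        payload = part.get_payload(decode=True) or b""
        # Inspect the bytes regardless of the declared Content-Type, since a
        # sender can label a contact export as generic binary data.
        text = payload.decode("utf-8", errors="replace")
        found.update(addr.lower() for addr in EMAIL_RE.findall(text))
    return len(found)


def dlp_verdict(msg, limit=MAX_ADDRESSES):
    """Return ("block" | "allow", distinct_address_count) for an outbound message."""
    n = count_contacts(msg)
    return ("block" if n > limit else "allow", n)


def build_sample(rows):
    """Build a constructed outbound message carrying a contact list with `rows` entries."""
    msg = EmailMessage()
    msg["From"] = "info@example.test"    # hypothetical group mailbox
    msg["To"] = "outside@example.net"    # hypothetical external recipient
    msg["Subject"] = "export"
    msg.set_content("See attached.")
    csv_data = "name,email\n" + "".join(
        f"User {i},user{i}@example.test\n" for i in range(rows)
    )
    msg.add_attachment(csv_data.encode(), maintype="application",
                       subtype="octet-stream", filename="contacts.csv")
    return msg
```

With these assumptions, a message carrying a 25-row contact list is blocked, while one with three addresses is allowed.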

Why Trustifi?

Organizations need an adaptive and fluid cybersecurity platform to quickly adjust to the changes in attack vectors and other cyber-criminal activities. Trustifi’s email security solution is a platform designed for clients to swiftly enable more adaptive controls with a single click to help them stay ahead of constant changes in the cybersecurity threat landscape.

Trustifi is a cyber security firm featuring solutions delivered on a software-as-a-service platform. Trustifi leads the market with the easiest-to-use and easiest-to-deploy email security products, providing both inbound and outbound email security from a single vendor built to stop fileless malware, ransomware, and data exfiltration.

As a global cybersecurity provider of both inbound and outbound email protection, Trustifi currently supports customers from countries including the USA, Canada, Brazil, the Dominican Republic, the UK, the Netherlands, India, the UAE, China, Japan, Cyprus, the Philippines, and more. The company has also developed “One-Click Compliance” capabilities that cater to world security regulations, including PDPO for Hong Kong, POPI for South Africa, GDPR for Europe, and LGPD for Brazil.
