Free Trial
Get Full Access
Log in

Threat Spotlight: The New Dark Web?

Picture of Flare
Flare
  • Reading time: 3 min

Executive Overview

Illicit Telegram channels have become a growing concern in the realm of cybercrime.

Threat actors want to connect with each other in fast, reliable, and “anonymous” ways. Telegram has been their answer, and malicious actors are increasingly moving off of Tor and onto the instant messaging platform. 

Flare Director of Marketing Eric Clay and CTO & Co-Founder Mathieu Lavoie talked about the realm of unauthorized Telegram channels, along with the diverse methods cybercriminals employ to conduct their nefarious activities. 

Check out our full webinar recording, The New Dark Web?: Illicit Channels and their Impact on Cybersecurity, and/or keep reading for the highlights.

Relationship Between Telegram and the Dark Web

Traditional dark web marketplaces found on Tor serve as a (partially) trusted middleman between vendors and buyers with built-in escrow services. On the other hand, Telegram has thousands of individual channels, which are “direct to consumer” and vendors sell stolen credit cards, combolists, leaked credentials, and infected devices directly to other cybercriminals. In this model reputation is everything.  

Compared to marketplaces on the traditional dark web, Telegram channels often specialize in selling specific classes of illicit goods such as combolists, configurations, and malware.

In addition, the channels serve as a backup method for communication that can sometimes be more reliable than traditional forums or discussion services. For example, law enforcement recently arrested the leader of Breach Forums and shut down the website. Telegram served as a backup channel for communication for Breach Forum moderators, as they assured users that they would continue operations. 

Telegram and the dark web are closely intertwined, and the instant messaging platform supports gaps in dark web activities. 

Telegram’s Role in Spreading MaaS

Telegram offers many functionalities and includes a fully functional API, allowing for bots and other more complex use-cases which can create automation capabilities not present on traditional Tor marketplaces. This enables threat actors to seamlessly sell subscriptions to channels, automatically deliver purchased data, and even leverage Telegram channels as command and control infrastructure for malware.

These functionalities make Telegram the preferred choice for many (if not most threat actors). High degrees of automation, lax moderation, and end to end encryption create the perfect environment for a vast underground economy.

Telegram Monitoring Best Practices

1. In-house Telegram coverage to supplement vendors’ monitoring:

Even if organizations are working with CTI vendors, security teams should invest the time to help the vendor optimize coverage based on their specific use-cases and risks. For example, there may be very small but highly relevant channels that are likely not in the vendor’s initial collection but may be directly relevant to the customer based on the type of data being sold, threat actors posting there, or other factors.

2. Automation:

With the sheer volume of Telegram channels, manual monitoring is impossible for full coverage of all relevant channels. We recommend that companies find a vendor they are comfortable with that takes a unified approach to monitoring both illicit Telegram and traditional Tor marketplaces. Threat actors operate across thousands of channels and often create new channels, change their names, and merge channels, making manual approaches to monitoring prone to high miss-rates.

3. Eliminating noise:

Another advantage of working with a vendor is that they will likely de-duplicate identical posts and images, allowing security teams to focus on the most relevant data while not getting bogged down in noise.

How Flare Can Help

Flare monitors illicit Telegram channels, (and the clear & dark web) for high-risk data exposure. We have teams dedicated to  automating collection, structuring, deduplication, and analysis of data found in Telegram channels to provide high-impact relevant results to our customers. 

Curious about how Flare can help your organization stay on top of Telegram coverage? 
Request a demo to see Flare’s Telegram monitoring for yourself.

Share This Article
View posts

Flare

Related Content

, ,

AlphaLock, Threat Actor Branding, and the World of Cybercrime Marketing

Read More

Ransomware in Context: 2024, A Year of Tumultuous Change

Read More

Flare Acquires Foretrace to Accelerate Threat Exposure Management Growth

Read More

“What used to take about 1500 hours to complete can now be done in 1 week. Flare allows me to empower junior analysts to do dark web investigations that were previously impossible, hence liberating bandwidth.

Senior Security Specialist at a MSSP

“Other solutions would present us with thousands of potential leaks which were impossible to work with for our small team, Flare was the only one that could successfully filter and prioritize data leaks with their 5-point scoring system.”

CTI Director at a Major North American Bank

“Flare enables us to react quickly when threats are publicized. It helps us protect our brand and financial resources from data breaches.”

CISO in a Major North American Bank

“We audited dozens of different solutions and Flare was the only one making CTI easy and understandable for all, with the right data.”

Senior Advisor at an IT Services Industry

Start your free trial today

Experience Flare for yourself and see why Flare is used by organization’s including federal law enforcement, Fortune 50, financial institutions, and software startups.

START FREE TRIAL
Flare logo
Get a Demo
Free Trial
Linkedin Twitter Facebook Youtube
Copyright 2024 Flare Systems, Inc.
1751 Rue Richardson, Unit 3.108, Montreal, Quebec, H3K 1G6

Flare HQ

soc 2 cybersecurity company
Flare logo
Free Trial
Get Full Access
Log in