The Alarming Rise of Cybercrime on Telegram: 53% Surge in 2024

In recent months, Telegram has witnessed a significant surge in cybercriminal activity, with an alarming 53% increase reported between May and June 2024 compared to the same period in the previous year. This is according to Kaspersky’s Digital Footprint Intelligence data. This trend has raised concerns about the security and integrity of the popular messaging platform. Their analysis of shadow Telegram channels has uncovered a troubling pattern: cybercriminals are increasingly exploiting Telegram for a variety of underground market activities.

The Rise of Cybercrime on Telegram

Cybercriminals have found Telegram to be an attractive platform for their illicit activities. They actively operate channels and groups dedicated to discussing fraudulent schemes, distributing leaked databases, and trading a range of criminal services. These services include cashing out, document forgery, and Distributed Denial of Service (DDoS) attacks as a service, among others.

Factors Driving Cybercriminals to Telegram

Several key factors contribute to the growing interest of the cybercriminal community in Telegram:

1. Popularity: Telegram boasts a massive user base, with its audience reaching 900 million monthly users, according to founder Pavel Durov. This extensive reach makes it an appealing platform for cybercriminals seeking a broad audience.
2. Perceived Security: Telegram is marketed as a highly secure and independent messenger that does not collect user data. This perception gives threat actors a sense of security and impunity, encouraging them to use the platform for their activities.
3. Ease of Use: Creating or finding a community on Telegram is relatively straightforward. This ease of access, combined with the platform’s other appealing features, allows various channels, including cybercriminal ones, to gather an audience quickly.

Nature of Cybercriminal Activities

Cybercriminals operating on Telegram generally demonstrate less technical sophistication and expertise compared to those found on more restricted and specialized dark web forums. The low entry barrier into the Telegram shadow community means that someone with malicious intent simply needs to create an account and subscribe to criminal sources they can find within the community. Unlike dark web forums, Telegram lacks a reputation system, which often leads to a higher prevalence of scammers within the platform’s cybercriminal space.

Hacktivist Presence on Telegram

In addition to cybercriminals, Telegram has also emerged as a platform for hacktivists to make statements and express their views. Due to its extensive user base and rapid content distribution capabilities, hacktivists find Telegram a convenient tool for inciting DDoS attacks and other disruptive methods against targeted infrastructures. They can also release stolen data from attacked organizations into the public domain using shadow channels on Telegram.

Mitigating Cyber Risks

To help enterprises mitigate the risks associated with these growing cyber threats, Kaspersky Digital Footprint Intelligence has published a comprehensive playbook. This free resource provides guidance on tracking shadow market activities and handling data-related incidents, offering valuable insights for businesses looking to protect themselves from the rising tide of cybercrime on Telegram.