- Confidential and Proprietary - Luminar Annual Threat Landscape Report Page 26 6 Implications of the Shift 6.1 Cybercriminals Like regular consumers and enterprise users, cybercriminals want tools that are easy to use and widely available. Since Telegram offers a low entry barrier, it could turn cybercrime into an amateur pursuit, in which individuals with limited computer literacy can commit cybercrimes. If a new wave of amateur hackers emerging on Telegram were inspired to pursue cybercrime, the impact could be significant. Regardless of their success, the efforts of pursuing and possibly prosecuting them would require significant resources, potentially damaging the ability to monitor and combat more serious cybercriminals and preventing bigger cyber-attacks. Altogether, the fact that so many cybercriminals have adopted Telegram could signify an escalation in the ongoing surge of cybercrime. 52 In addition, usage of Telegram might encourage cybercrime and specifically the sales and shares of illicit products, since it may seem less dangerous to buy them through social media channels, and Telegram in particular, rather than using the Dark Web. This appearance of respectability can encourage both sellers and buyers, leading to an increase in malicious and illegal activities. Ultimately, these sales can feed themselves and in turn offer more funding to malicious crimes. 53 In April 2022, security experts stated they detected 130 cyber-attacks that used malware managed over Telegram in the previous three months. They found that even if Telegram was not installed or used, it allowed cybercriminals to send malicious commands and operations remotely using the app. The threats were sent to users through simple email campaigns, and once the email attachment was opened on a user’s Windows PC, the bundled Telegram bot managed the links back to the attacker’s command and control server, facilitating the attacks. According to the experts, the popularity of Telegram-based malware aligned with the growing usage of the messaging service worldwide. 54 6.2 Law Enforcement The ability to track and monitor illegal content in Telegram groups and channels is a lot more complex than the monitoring of Dark Web sites. In comparison to other similar instant messaging apps, Telegram gathers less user data and even offers a feature that self-destructs messages, completely deleting them after a predefined time. Those features, along with those described above, make it 52 https://www.vpnmentor.com/blog/cybercrime-on-telegram/ 53 https://www.welivesecurity.com/2022/02/10/hidden-plain-sight-dark-web-spilling-social-media/ 54 https://blog.checkpoint.com/2021/04/22/turning-telegram-toxic-new-toxiceye-rat-is-the-latest-to-use- telegram-for-command-control/