2024/01/24 15:07:29

Security in instant messengers

Main article: Instant Messenger (IM)

2024: Fraudsters deceive companies by creating fake director accounts in instant messengers

Sber recorded another type of fraud against corporate clients. Criminals create a fake messenger account that allegedly belongs to the head of the company. For greater credibility, they can upload photos from available sources to the fake profile: take one from the company's website, for example, or use the avatar of the manager's account.

Then, from a fake account, scammers begin correspondence with the company's accountant. After several general phrases (greeting, question), the "manager" gives an order to transfer funds to the details specified in the message. If the subordinate does not notice the substitution and performs the task, the company's money goes to the accounts of drops - people who cash out and transfer funds stolen by cyber fraudsters. Sberbank announced this on January 23, 2024.

"Cyber fraudsters are less likely to deceive legal entities than individuals, but the stolen amounts in these cases are much larger. Now this method of fraud has appeared through the creation of a fake account of the head of the company in instant messengers. Sberbank successfully identifies such schemes, and the bank's fraud monitoring has already been supplemented with knowledge of this type of fraud. But I want to once again ask our corporate clients to be more vigilant, attentive and ask themselves questions when receiving such messages: why suddenly the manager has a new phone and an account in the messenger, why the data is hidden in it, why the director turned to you strangely. Any changes should be alerted, especially if they concern financially responsible employees of the company. In order not to be a victim of criminals, it is better to personally contact the manager and clarify all questions with him by phone or during an in-person meeting," said Stanislav Kuznetsov, Deputy Chairman of the Management Board of Sberbank.

2022: Telegram records growth in criminal cyber services market

Positive Technologies specialists analyzed publications on cybercriminal topics in Telegram channels and chats. The study showed that most of the messages in the messenger are devoted to compromising user data, including buying and selling them. Experts recorded a record number of messages on hacker topics in the second quarter of 2022. This was announced by Positive Technologies on October 11, 2022.

According to a study by Positive Technologies, the number of cybercriminals' posts on Telegram began to increase markedly in 2020, and in 2021 user activity in thematic channels and groups increased 3.5 times. In the second quarter of 2022, experts noted a record number of posts on hacker topics - more than 27 thousand, which is 2.5 times more than in the second quarter of 2021. Experts explain this growth by the possible mass migration of users of cybercriminal forums to instant messengers. This happened after many critically dangerous vulnerabilities in forum engines were identified in 2020-2021, and in 2021 there were several major forum hacks, which could also provoke an outflow of their audience.

Most of the analyzed messages are related to user data, including its trade and fraudulent operations (52%); next come posts on cybercriminal services (29%) and malware distribution (15%). Among malware, the most popular were remote control programs (30%), as well as stealers (16%). The most well-known stealer was RedLine, which the company's specialists spoke about in a study of current cyber threats for the first quarter of 2022. Mentions of RedLine are found in more than 18% of messages on the topic of malware: these are numerous discussions of its functions, the sale and distribution of the malware and its source code, as well as of information collected with the help of the stealer. In addition, stealers such as Anubis, SpiderMan, Oski Stealer and Loki Stealer are discussed in Telegram. Their cost can range from $10 to $3500.

Experts note that the price of ready-made malware is influenced by the type of malware, its functionality, as well as the timing of the program. For example, code obfuscation tools can cost from $20 to $100, and a botnet or a guide to creating one can cost up to $750. The cost of a miner ranges from $10 to $1000: for $10 you can buy fairly simple malware with limited capabilities, and for $1000 - the source code of a tool with a wide range of functions, including bypassing antivirus programs and the ability to infect the system without administrator privileges.

According to the results of the study, 66% of messages on cybercriminal services are discussions of cashing out, such as the withdrawal of cryptocurrencies. DDoS attacks were the second most popular, accounting for 16% of messages in this topic. Another 9% of posts are offers of services for hacking resources; these services include stealing email and social media accounts, and hacking websites and servers.

According to analysts at Positive Technologies, one in five messages on DDoS attacks is an announcement of the sale of services. The cost of a DDoS attack depends on its duration: for an hour the price will be $8, and a week of attack will cost $200 or more. In the first quarter of 2022, when there was an increase in the number of attacks on organizations' web resources, the number of messages on DDoS attacks quadrupled. This confirms the conclusions that the activity of attackers in the messenger reflects the trends of cyber attacks.

Messages about services for hacking accounts on VKontakte, Telegram, WhatsApp, Viber and other social networks and instant messengers make up 72% of the total number of publications about hacking resources. Compromising a VKontakte account can cost from $10 to $50. Messengers will cost more: for example, hacking a profile in Telegram, Viber and WhatsApp can cost from $350. At the same time, the cost of compromising a corporate account is significantly higher: hackers can request at least $200 for it, while charging $100 for hacking a personal mail account.

A significant part of all messages on the topic of compromising protected information are posts involving personal data (43%) or credentials (42%): these are ads about the purchase or sale of personal information, about services for falsifying documents, and discussions of leaks.

"In 2021, almost half of all messages were devoted to compromising accounts, but in the first half of 2022, the topic of documents, personal data and services related to them (71%) became predominant. The number of messages on this topic increased significantly in the second quarter of 2022: against the background of numerous attacks and leaks noticed in the first quarter of 2022, the number of services related to the provision of copies of documents stolen from institutions increased. Thus, 28% of messages on this topic are advertisements for the sale of data and the provision of services related to data (for example, forgery of documents, the manufacture of an electronic signature), and every tenth message is devoted to their purchase," noted Positive Technologies analyst Ekaterina Semykina.

Most of the messages on the topic of credentials are devoted to the sale of accounts for streaming platforms, social networks, crypto exchanges and brokerage offices. So, a Spotify account can cost $5, and a premium Netflix account with a one-year subscription - from $10.

The study also talks about the popularity of spam and mass-mailing services in Telegram. Most often they offer SMS spam (54% of messages on this topic), and a little less often e-mail spam (32%). Prices are usually calculated depending on the duration of the distribution or the number of messages. For example, the average cost for one mail address is about 50 rubles per hour of spam or per 1000 letters.

2021: Artezio has published an updated rating of safe messengers in the world

The analytical department of Artezio (part of the LANIT group of companies) conducted another comprehensive testing of existing instant messengers and published an updated rating of applications that can provide a high level of privacy. LANIT announced this on February 25, 2021.

Experts assessed the current technical condition of software products and tested the means of protection and the tools announced by the developers to ensure secure correspondence. The test checklist included more than 30 applications for various platforms, which were evaluated according to 50 criteria. Only messengers with end-to-end encryption, which are capable of providing a really high level of protection of transmitted data, went to the final round of testing. Testing was carried out with a focus on the quality of data encryption and the reliability of information protection tools. The study was attended by specialists and developers of software solutions with expertise in the field of data security.

Specialists divided the recommendation list into two categories - for personal and corporate use. Messengers that are on the "Better for Business" list, according to experts, are capable of providing the highest level of security.

The top three safest messengers included Signal, Wickr and Viber, which was ahead of Telegram. The Signal messenger is still highly rated by experts for the quality of its encryption protocols, the presence of two-factor identification, default encryption and readiness to disclose personal data. Elon Musk's calls to switch to Signal look well-founded.

The final TOP-8 of applications is as follows:

1. Signal
2. Wickr
3. Viber
4. Telegram
5. Confide
6. Slack
7. iMessage
8. WhatsApp

Among the significant changes compared with the results of the messenger testing carried out by Artezio in 2018, experts noted an improvement in the positions of Viber and iMessage. Thus, according to the test results, Viber pushed Telegram to 4th place, and iMessage from Apple is ahead of WhatsApp by a significant margin. The messenger from Facebook retains a place in the ranking of the safest even despite the scandal with the updated user agreement. Experts have previously pointed out that the messenger transmits all information to Facebook. However, the updated user agreement was supposed to force the sharing of data of users who had previously explicitly forbidden it.

Experts do not recommend using Facebook messengers for business correspondence or sending private information.

Line dropped out of the list of messengers compiled in 2018: it does not meet the criteria for safe messengers. Its place was taken by Slack, which experts confidently recommend for secure corporate correspondence.

Despite expectations, Telegram continues to lose ground in the ranking of secure communication applications. Previously, it was ahead of Viber, but according to the results of the current testing, it lost to Rakuten's product.

The study participants note an unconditional improvement in the quality of protection of user data in instant messengers. However, experts are concerned about the slowdown in the development of independent solutions that could use other approaches and tools to ensure data security and privacy of correspondence.

2018

Risks of using public messengers

Human factor

  • Social Engineering - Fraudulent Techniques to Obtain Confidential Information
  • Random factor - Indiscretions of employees, loss of equipment
  • Former employees - Information that remains on the devices of employees who are no longer working in the company

Technical factor

  • SS7 protocol vulnerability
  • Viruses
  • "Man in the Middle" Attacks
  • Leak via push notifications

WhatsApp, Telegram and Signal vulnerable to side-channel attacks

In a report dated December 13, 2018, researchers from Cisco Talos described vulnerabilities in popular instant messengers that use encryption. According to the experts, WhatsApp, Telegram and Signal can be hacked using side-channel attacks.

Secure instant messengers place some of the privacy functions of correspondence on the operating system, which simplifies the task for cybercriminals.

Experts say that the essence of secure communication applications is that all content sent between users is encrypted without the participation of a third party. To provide end-to-end encryption, these applications either developed the protocol themselves or use a third-party one.

Most applications use the open source Signal protocol from Open Whisper Systems or variants thereof. Telegram runs on its own closed MTProto protocol. However, these protocols provide data encryption only during transmission, but not during processing or after receipt by the end user.

Other features are vulnerable to attacks, such as data storage, a user interface framework, and group mechanisms and deployments, the researchers said. In particular, Telegram is vulnerable to session interception on a PC. Although the additional session will be visible in the settings, the average user is unlikely to notice it.

WhatsApp and Signal are also vulnerable to session interception on PCs. In the case of Signal, intercepting the session will cause a so-called "race condition" and the victim will receive an error message. The average user may take it for an ordinary notification and attach no importance to it, while the attacker gains access to correspondence and contacts.

In the case of WhatsApp, the victim will also receive a notification about the attacker's attempt to establish an additional session. The user can deny the attempt, but during this period of time the attacker will have access to his previous correspondence and contacts.

Among other things, Telegram is also vulnerable to "session shadowing" on a mobile device. Using a malicious Android application, an attacker can gain access to the victim's correspondence data and contacts[1].

Facebook messenger recognized as the most unsafe

The analytical department of Artezio (Artesio) (part of the LANIT group of companies) on November 26, 2018 published a list of 20 messengers capable of providing a high level of privacy. The rating was compiled based on the results of comprehensive testing of programs, while the quality of data encryption and the reliability of information protection tools were the key criteria in the formation of the final expert assessment, representatives of Artezio told TAdviser.

Top 8 messengers with a high level of privacy according to Artezio

Experts recognized the messenger from Facebook as the most unsafe for confidential correspondence. As serious disadvantages, they cite low protection of user information, including the willingness of the corporation to share information about users, and the lack of a tool for deleting messages on certain devices.

The top 8 programs with a high level of privacy is headed by the Signal messenger. It received the best rating for the presence of two-factor identification, encryption by default, a high-quality encryption protocol and readiness to disclose personal data. Among the shortcomings, experts noted the lack of functionality for recalling (deleting) content and protecting against taking screenshots.

In second place was the Wickr messenger, whose rating was downgraded by experts due to the presence of a paid, more functional version of the program and the lack of data on the disclosure of information about users.

Telegram is in third place on the list, ahead of Confide, Viber, Line, WhatsApp and iMessage.

According to the test results, Artezio called Signal optimal for private correspondence, and recommended the use of Wickr for business.

In total, during the tests, mobile applications developed for the iOS and Android platforms were evaluated according to 30 criteria, including the reliability of data encryption, the level of protection of personal information, the availability of two-factor identification, readiness to disclose personal data, the functionality of correspondence storage systems, and the level of protection against non-standard methods of copying information. Programs that did not meet the minimum privacy requirements for correspondence were excluded from the list.

2017

Corporate messengers become a significant target for cybercriminals

More and more enterprises prefer to use instant messengers for communication within the company. So, 77% of Fortune 100 companies use Slack − one of the popular corporate messengers. Due to the fact that such platforms are free and easily integrated into client systems and business processes, they are of interest not only for business, but also for cybercriminals. Trend Micro examined the most popular enterprise platforms to find out what threats they are exposed to. The study was conducted on the example of such messengers as Slack, Discord, Telegram, Twitter, Facebook, etc.[2].

Key findings of the report:

  • Enterprise platforms have proven vulnerable to various types of malware. In particular, malware, files and bitcoin miners used the software interface of the Discord platform, popular in the USA. And varieties of malware such as KillDisk or the TeleCrypt ransomware use Telegram protocols to communicate with the C&C server.
  • The most secure for users was the corporate messenger Slack - during the preparation of the report, no malware or cyber attacks related to this platform were detected.
  • Twitter's platform has long remained a major target for attackers, so the social network has had to adapt to detecting malware-infected accounts based on user behavioral analysis data.
  • Soon there will be more and more examples of how cybercriminals use the software interfaces of such applications for their own purposes. For example, instead of creating a specialized interface from scratch to communicate with a ransomware victim, an attacker can use an existing messenger and send a message to the user describing the ransom payment process.

In order not to become a victim of cybercriminals, Trend Micro recommends the following:

  • Establish clear rules for the safe use of corporate instant messengers among employees.
  • Train employees and inform them about the most widely used types of cyber attacks, such as phishing or spam.
  • Make sure that the IT team is aware of the cyber threats that may arise when using corporate messengers, and also constantly monitors suspicious network activity.
  • Assess how critical it is to use enterprise platforms for daily communication. If it is not critical, it is better to stop using them.

Solar Security investigated the security of instant messengers

Solar Security, a developer of products and services for targeted monitoring and operational management of information security, presented in March 2017 a study on the security of mobile instant messaging applications. International popular free mobile instant messaging apps - Facebook Messenger, QQ International, Signal, Skype, Slack, Telegram Messenger, Viber, WeChat and WhatsApp - were selected to participate in the study.

Each application was considered in two implementations - for mobile operating systems iOS and Android. Security checks were carried out automatically using the Russian solution Solar appScreener (formerly Solar inCode), which uses methods of static, dynamic and interactive code analysis.

According to the company, the implementation of applications for the Android platform turned out to be more secure compared to implementations for iOS. Among the analyzed Android messengers, the top three most secure included Signal, Facebook Messenger and Slack. At the same time, Signal showed a high result. The absence of serious vulnerabilities allows us to say that the application is quite secure both in terms of protecting user data and in resistance to attacks using Trojans or known exploits. Facebook Messenger and Slack demonstrated good code quality.

The leaders among iOS instant messaging apps are Facebook Messenger, Viber and Skype. Signal took fourth place with a slight lag. Most vulnerabilities were found in the QQ International and WeChat messengers, which appear to be the least secure regardless of platform, Solar Security said.

The study also showed that all analyzed applications contain vulnerabilities that can be divided into two groups by possible method of exploitation: vulnerabilities that increase the risk of compromising information stored on the device - logins, passwords, correspondence, etc. (as a rule, vulnerabilities of this type can be exploited using malicious software); vulnerabilities that allow a Man-in-the-Middle attack, as a result of which an attacker can gain access to all data sent through the messenger (this attack can be successfully implemented, for example, when using public Wi-Fi).

In the preparation of the study, decompilation and deobfuscation of applications were not carried out. Static analysis was performed on the binary code.

2016

Positive Technologies will take part in the work to protect the state messenger

Positive Technologies and the Institute for Internet Development (IRI) announced in December 2016 the start of cooperation in the field of information security of the state messenger: Positive Technologies experts will join the expert council of the IRI project working group, test messengers for their vulnerability to cyber attacks and prepare recommendations to increase the level of security.

WSJ: The degree of reliability of messengers is low

Experts agree: WhatsApp, familiar to everyone and passing tens of billions of messages per day, can hardly be called safe. Every now and then there is news about vulnerabilities in the program. In the course of one study, it was found that the file with the correspondence history stored in the device's memory, although encrypted, can be cracked in a few moments using a simple script. Moreover, the service has recently come to belong to Facebook, known for its ties to the American special services.

Other free communication services, from Viber to iMessage, are no better.

There were also questions for Telegram, which was created by Pavel Durov. It was reported that hackers managed to gain access to accounts. The exception is secret chats. Thus, when hacking, an attacker can not only conduct correspondence on behalf of the victim, but also read all the correspondence that the Telegram client loads into the phone.

Amnesty International: Facebook and WhatsApp most secure messengers

The international human rights organization Amnesty International announced in the fall a rating of the security of messengers against unauthorized access to users' correspondence[3][4].

The drafters of the report evaluated messengers according to a number of security-related criteria according to a 100-point system.

The highest marks - 73 points each - were received by Facebook Messenger and WhatsApp. The second and third lines were shared by iMessage, FaceTime and Telegram Messenger, which scored 67 points each.

Scores below 50 points went to Viber (47), Skype (40), Snap Inc. (Snapchat) (26) and Blackberry (20).

The rating is closed by the Chinese messengers QQ and WeChat, the safety of which Amnesty International rated at zero points.

In total, 16 messengers from 11 companies were included in the Amnesty International rating.

Facebook Messenger does not by default use the on-device encryption that protects conversations as much as possible. This mode must be enabled separately for each interlocutor. The same applies in Telegram. In WhatsApp, iMessage and FaceTime, this encryption works by default for all contacts.

"It is sad to watch a 'non-governmental organization' act as a PR tool for governments and corporations," Pavel Durov said in a statement.

According to the head of Telegram, arguing that Facebook services are more protected, Amnesty International takes citizens for idiots.

Durov believes that Facebook took part in the PRISM spy program organized by the US National Security Agency (NSA).

IIDF, Rostelecom and Tele2 chose secure messengers

The Internet Initiatives Development Fund, with expert support from Rostelecom and Tele2, announced in the summer of 2016 the best secure messengers with the potential for implementation in large Russian corporations, state-owned companies, as well as state structures and departments. The shortlist includes the four best projects with Russian roots: Sibrus, Titanium, Flodium and SyncCloud. Partners will conduct due diligence of development companies and choose the most promising investment solution.

Exploring the market, the partners reviewed more than 800 projects of instant messengers, chats and social networks from the IIDF pre-accelerator base, as well as popular foreign solutions such as Slack or Skype. A team of experts from IIDF, Rostelecom and Tele2 conducted a detailed assessment of the 12 best technological solutions, and face-to-face meetings and interviews were held with the 7 development teams that reached the final of the selection. The four most advanced and secure solutions - Sibrus, Titanium, Flodium and SyncCloud - are currently undergoing an investment assessment, following which IIDF, Rostelecom and Tele2 will consider the possibility of taking an equity stake in or otherwise supporting the most promising project. The scope and structure of the transaction will be determined upon completion of the due diligence process.

According to the partners' plan, the technology of a secure messenger will form the basis for the development of a comprehensive business solution in the field of "unified communications" (UC - Unified Communications). The UC solution involves real-time integration of services such as instant messaging (chat) and presence information (presence), telephony and video conferencing, calendar management, file exchange and document collaboration. Since such a solution is in demand not only by the private sector, but also by the government agencies of Russia, the key selection criteria were: security and data encryption, support for voice and video conferencing, the ability to exchange media files and documents of all major formats, multi-platform, support for technologies for creating workgroups and calendar management, as well as the availability of Application Programming Interface (API) protocols for external solutions and the possibility of developing a bot platform. The completed UC solution can not only become the main tool for business communications in large Russian corporations and state-owned companies, but also form the basis for the interaction of the state with the population in the public services sector: for example, by automating a number of services through bots technology.

There are more than 4.2 billion messenger users in the world, and more than 60 million in Russia, according to Tele2 analysts. In total, there are over a hundred different messengers in the world, and Viber, WhatsApp and Skype are the most popular in Russia. The global market for services in the field of "unified communications" is estimated by PwC to have amounted to $24 billion in 2015. While the traditional telephony market is growing at only 2% per year, the UC services market is growing at 11% annually and will reach $32 billion by 2018. According to analysts at Global Market Insights, about 60% of the market volume will be provided by the corporate sector, about 20% - by government customers. As for Russia, according to IIDF forecasts, by 2018 the domestic market for solutions and services in the field of "unified communications" may range from $0.7 billion to $1 billion.