Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
ICSI
Collaborator

Who is using Telegram?

As of 2023, Telegram, the messaging app, has reached significant milestones in terms of its user base:

  1. Total Users: Telegram has an estimated 1.068 billion total users​​.

  2. Monthly Active Users: The app has around 700 million monthly active users. This figure has been consistently reported across various sources, indicating a substantial and active user community​​​​​​​​.

  3. Daily Active Users: On a daily basis, about 55.2 million users actively use the app. This level of daily engagement highlights the app's importance in the daily communication habits of a large number of people worldwide​​​​.

  4. User Engagement: The average Telegram user spends about 2.9 to 3 hours per month on the application, demonstrating a significant level of engagement with the platform​​​​.

These statistics position Telegram as one of the top messaging apps globally, following major platforms like WhatsApp, WeChat, and Facebook Messenger. The app's popularity is attributed to features like robust privacy, a wide range of channels for various purposes, and a user-friendly interface.

but today I saw this on my Check Point Spark 1570 logs: I wonder if this is a normal behavior of the app, like when watching stuff or is the Russian APT getting a hold of every user in the world.

See something, say something! 

 

Regards,

Oscar Catana
https://ipthub.com

Cyber Sec Passionate!
0 Kudos
9 Replies
PhoneBoy
Admin
Admin

The other option is: it could be a false positive.
That possibility would have to be checked via TAC: https://help.checkpoint.com 

0 Kudos
ANANTADSULE
Participant

Hello Sir,

But what if false positive reaches 99% of entire detection.

0 Kudos
ICSI
Collaborator

So many questions to your comment about 99% of command injections. One thing is that if they are coming from the outside, it might be time to replace that IP address. I have a customer who used to have a ZyXel firewall, and I replaced with a Spark one, now I am receiving tons of ZyXel vulnerability scans and the next step would be to replace the public IP address to decrease the risk of a breach and increase the performance of the internet service.zmap and xyxel.jpg

Regards,

Oscar Catana
https://ipthub.com

Cyber Sec Passionate!
0 Kudos
the_rock
Legend
Legend

Thats why we suggested open TAC case and they can confirm for sure.

Andy

0 Kudos
ANANTADSULE
Participant

I already replied.

TAC replied me after 5 months of research.some of quotes from TAC below.

"This indicates that the functionality of IPS inspection works as expected."

"This protection is specifically for internal servers"

Interesting thing is the command injection signature is detecting checkpoint's support chat service as a web command injection.

0 Kudos
ANANTADSULE
Participant

Hello ICSI,

Nothing is special in these detection as TAC replied me after 5 months of research.some of quotes from TAC below.

"This indicates that the functionality of IPS inspection works as expected."

"This protection is specifically for internal servers"

Interesting thing is the command injection signature is detecting checkpoint's support chat service as a web command injection.

the_rock
Legend
Legend

Could be false positive as Phoneboy said, TAC would be best to confirm for sure.

Andy

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Telegram is well know for the criminal activities it is used for, but i simply do not know anyone using it... Maybe because it is very unsafe, it only pretends to be safe...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
Legend
Legend

Well, that can be lots of apps really, but as long as connection is encrypted, thats what counts.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events