Research | Our Q3 report details what's new in the world of ransomware.
Reduce Alert Noise and False Positives
Boost your team's productivity by cutting down alert noise and false positives.
Automate Security Operations
Boost efficiency, reduce burnout, and better manage risk through automation.
Dark Web Monitoring
Online protection tuned to the need of your business.
Maximize Existing Security Investments
Improve efficiencies from existing investments in security tools.
Beyond MDR
Move your security operations beyond the limitations of MDR.
Secure with Microsoft 365 E5
Boost the power of Microsoft 365 E5 security.
Secure Multi-Cloud Environments
Improve cloud security and overcome complexity across multi-cloud environments.
Secure Mergers and Acquisitions
Control cyber risk for business acquisitions and dispersed business units.
Operational Technology
Solve security operations challenges affecting critical operational technology (OT) infrastructure.
Force-Multiply Your Security Operations
Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Detection Investigation Response
Modernize Detection, Investigation, Response with a Security Operations Platform.
Threat Hunting
Locate and eliminate lurking threats with ReliaQuest GreyMatter
Threat Intelligence
Find cyber threats that have evaded your defenses.
Model Index
Security metrics to manage and improve security operations.
Breach and Attack Simulation
GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.
Digital Risk Protection
Continuous monitoring of open, deep, and dark web sources to identify threats.
Phishing Analyzer
GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.
Integration Partners
The GreyMatter cloud-native Open XDR platform integrates with a fast-growing number of market-leading technologies.
Unify and Optimize Your Security Operations
ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Blog
Company Blog
Case Studies
Brands of the world trust ReliaQuest to achieve their security goals.
Data Sheets
Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.
eBooks
The latest security trends and perspectives to help inform your security operations.
Industry Guides and Reports
The latest security research and industry reports.
Podcasts
Catch up on the latest cybersecurity podcasts, and mindset moments from our very own mental performance coaches.
Solution Briefs
A deep dive on how ReliaQuest GreyMatter addresses security challenges.
Threat Advisories
The latest threat research report from ReliaQuest Threat Research research team.
White Papers
The latest white papers focused on security operations strategy, technology & insight.
Videos
Current and future SOC trends presented by our security experts.
Events & Webinars
Explore all upcoming company events, in-person and on-demand webinars
ReliaQuest ResourceCenter
From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Threat Research
Get the latest threat analysis from the ReliaQuest Threat Research Team. ReliaQuest ShadowTalk Weekly podcast featuring discussions on the latest cybersecurity news and threat research.
Shadow Talk
ReliaQuest's ShadowTalk is a weekly podcast featuring discussions on the latest cybersecurity news and threat research. ShadowTalk's hosts come from threat intelligence, threat hunting, security research, and leadership backgrounds providing practical perspectives on the week's top cybersecurity stories.
November 30, 2023
About ReliaQuest
We bring our best attitude, energy and effort to everything we do, every day, to make security possible.
Leadership
Security is a team sport.
No Show Dogs Podcast
Mental Performance Coaches Derin McMains and Dr. Nicole Detling interview world-class performers across multiple industries.
Make It Possible
Make It Possible reflects our focus on bringing cybersecurity awareness to our communities and enabling the next generation of cybersecurity professionals.
Careers
Join our world-class team.
Press and Media Coverage
ReliaQuest newsroom covering the latest press release and media coverage.
Become a Channel Partner
When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.
Contact Us
How can we help you?
A Mindset Like No Other in the Industry
Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
More results...
Picture the scene. It’s Christmas Day, and your child/loved one/other has just opened their present from you…a new games console. It’s a tale likely to be repeated many times across the globe over the next week. Gaming, especially a new console, brings joy to thousands of people every year. It also brings a wealth of new online friends in places worldwide that our usual friendship circles just wouldn’t reach. As more and more global gaming relationships are established, users turn to platforms like Discord to chat gaming, share memes, and more! In this blog, I’ll talk you through the potential dangers lurking within Discord to help you answer this question: Do I really need to be concerned about Discord this Christmas?
If you’ve never ventured into the realms of Discord, you might be wondering what it is. Discord was a mystery to me not being a gamer myself, and I was quickly schooled by some (much younger) colleagues before embarking on my Discord research journey.
Discord describes itself as “the easiest way to talk over voice, video, and text.” It’s a place to chat, call, share things, and generally hang out with friends, and the Discord community at large. Discord uses voice over Internet protocol (VOIP) to facilitate voice calls and is described as a “digital distribution platform.”
If you’re playing by Discord’s rules, users must be at least 13 years old to register for an account. However, in reality, Discord does not verify a user’s age at the point of registration. Or ever, for that matter. So anyone, of any age, with an email address and a phone number can register for a Discord account. There are undoubtedly Discord users under the age of 13, and they would definitely benefit from reading up on how to manage their digital shadow.
Discord is marketed as a space for everyone to chill and chat no matter their interests. That’s excellent news for those of us who have niche interests and no one in the real world to talk to about them. However, like many other online platforms, providing for people with such diverse interests inevitably means that there will be some dark places in Discord that you probably don’t want your 12-year-old visiting. So let’s dive into those a little deeper now.
As I’ve already mentioned, most users head to Discord for extracurricular gaming fun. And if that’s where it stops, then great. However, discussing gaming online can sometimes lead to discussing gaming cheats and modifications, and there are plenty of servers in Discord that cover these topics. In 2017, the UK National Crime Agency published a “Pathways into Cyber Crime” report that said, “offenders begin to participate in gaming cheat websites and ‘modding’ and progress to criminal hacking forums without considering the consequences.” The report also stated that money is not the primary motivation for many young cybercrime offenders. Simply completing a challenge or being the first to achieve it is enough motivation for many.
The NCA’s research still stands today, but these experimental youths may not need to venture to cybercriminal forums to discuss and develop their hacking skills. Discord has these spaces too. On top of that, there are servers where you can buy details of compromised payment cards, exam papers before they are released, and even your own server to host; a) your gaming stuff, or b) illegal things.
By far, the most prevalent type of criminal server that I identified during my research were those where you could buy online accounts for almost anything, including:
Whatever you’re after, Discord has it. These accounts’ low prices and high availability suggest they are in abundance. Add to that the fact that these are all major companies, many Discord users could be caught in a “what’s the real harm” conundrum. As with progression from gaming to hacking, young Discord users may not understand the full ramifications of buying one of these accounts. Simply thinking of it as an easy way to watch their favourite TV show for free. But, let’s not forget, it’s fraud. Plain and simple.
Once you’re a member of a server like this, Discord will allow you to share files with other users in that server – after all, it is a digital distribution platform, remember?! But what happens when someone sends your child a malicious file? There must be firewalls in place to stop that, surely? Nope, the kids can just hit “download anyway” and potentially unleash some nasty malware onto their (or your) device.
Malware isn’t the only thing to worry about when it comes to file sharing. Many servers have NSFW (not suitable for work) sections. I haven’t entered into these channels myself, but I imagine some unsavoury things are happening in them. And what would I need to do to see the “adult content” in these channels? Just tell Discord I’m over 18, of course. Where’s that age verification when you need it…
We’ve written before about cyber threats to the online gaming industry, and Discord is no different in that respect. Discord is a legitimate platform being exploited by criminals for illegitimate purposes. After a quick online search, I found a YouTube video that shows the viewer how to use a Discord server as a command-and-control (C2) server. I also found this GitHub entry explaining the same thing. Although this GitHub author says they just wanted to “mess around,” they also point out that with more time, they “would use this as an initial dropper then upgrade my shell via injection.” In the wrong hands, Discord users could see their servers being used to perpetuate cyber threat campaigns without their knowledge.
Cybercriminals are abusing the core features of Discord to spread different types of malware. Remember I said you can share files via Discord? Well, those files are stored in Discord Content Delivery Network (CDN). Researchers identified that cybercriminals are abusing the CDN “by creating channels with the sole purpose of delivering…malicious files”. In 2020, Discord had 300 million registered users. Distributing malware through a platform of this size is a sure-fire way of causing mass devastation. Threat actors use these malicious files to capture information about the users and their devices and to download and execute more malicious files.
There is good news. Discord’s Trust and Safety team is aware of the presence of criminal servers and is acting to stop them. The team is sending out email warnings like the one below to encourage users to leave servers they have identified as allowing or facilitating harmful activities relating to cybercrime.
These warnings indicate that individual users will face the consequences for being a member of a criminal server. Still, there’s nothing about what they are doing about the server itself. Presumably, its owners are also getting a strongly worded email asking them to take down the server before Discord T&S does. One can only hope.
Discord has also made its registration process more rigorous, requiring verification through email and phone in many cases. There’s also an arduous Captcha verification process to get through to prove you’re human and stop the proliferation of unwanted bots throughout the platform. Still no sign of age verification, though.
If you’re interested in finding out more about how cybercriminals weaponize social media, why not take a seven day test drive of SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) here, or sign up for a demo.