The FBI has warned that cybercriminals are impersonating law enforcement (and other US officials) to send fraudulent “emergency data requests” (EDR). An EDR is a legal way for police and other agencies to obtain information from businesses in “emergency situations” without a warrant or subpoena.
An EDR is supposed to be used in life-or-death moments, but apparently hackers are using it to bypass corporate security and quickly obtain sensitive data.
In the FBI Private Sector Notice, the Bureau explained that there has been an increase in the number of fraudulent requests. “While the concept of fraudulent emergency credential requests has previously been used by other threat actors such as Lapsus$, the increase in posts on criminal forums about the process of emergency credential requests and the sale of compromised credentials has led to an increase in its use.”
The threat actor, Lapsus$, was an extortion group that apparently pioneered the use of EDRs to obtain information.
According to the alert, the requests received an update in August of this year, when a known cybercriminal posted on an online forum their sale of “High-value .gov emails for espionage/social engineering/data extortion/Dada solicitations, etc.” including American references. The poster indicated that they could run a buyer through EDRs and sell real stolen subpoena documents to pose as a law enforcement officer.
The notice does mention other crimes, including some hackers who obtained compromised government emails in 25 countries and “bragged” about being able to obtain reams of private information.
The problem is that the hackers target companies, something that we as buyers have no control over. The FBI has created a list of “measures” that companies can use to reduce the damage from hackers, and if you work in a company that deals with sensitive data, you may find these measures useful.
These include double-checking the security status of connections between third parties as they interact with systems, including remote connections. They also suggest that you should be wary of EDRs that emphasize the urgency of the request, and that you check the details for inconsistencies or tampering. See the full list of solutions on page 3 of this document for more recommendations.
How to stay safe
As with many data breaches and fraudulent activities, we place a degree of blind trust in the affected companies to protect our data. This means we need to be vigilant when we see reports of data breaches and hacked companies. Also keep an eye on your mailbox in case the company sends you a physical notice of a breach.
If your personal or financial information has become public, you will want to carefully review all your financial accounts for signs of fraud. If your Social Security number has also been exposed, fraudsters can use it to apply for loans, apply for jobs, or commit more crimes in your name. It’s one of the many reasons why identity theft is scary and difficult to recover from.
Additionally, you should pay close attention to your inbox, messages, and social accounts, as hackers can use your data to get more out of you. Beware of emails from unknown senders or with empty subject lines. If something looks suspicious or tries to get you to act urgently, do not respond, click on the links, or download any attachments these emails may contain. It’s best to just delete it.