Ethical Hacking News
The FBI has issued a warning about the growing trend of crooks stealing data using government emails, specifically through emergency data requests (EDRs). This phenomenon has been on the rise since August 2023, with a significant increase in fraudulent requests being sent to US businesses and law enforcement agencies. As cybercriminals become more sophisticated in their tactics, it is essential for organizations to stay vigilant and proactive in mitigating risks. The FBI recommends developing a close relationship with local field offices, reviewing incident response plans, and adopting critical thinking when receiving EDRs.
The FBI has warned about the growing trend of data theft using government emails, specifically through emergency data requests (EDRs).
EDRs are being abused by cybercriminals who send fraudulent requests with personally identifiable information.
The FBI recommends organizations develop a close relationship with their local field office and update incident response plans.
The barrier to entry for submitting fraudulent EDRs is lower than previously thought, making it easier for individuals to adopt this tactic.
Organizations must stay vigilant and proactive in mitigating the risks of fraudulent EDRs, which are often used in conjunction with other malicious techniques.
The FBI has recently issued a warning about the growing trend of crooks stealing data using government emails, specifically through emergency data requests (EDRs). This phenomenon has been on the rise since August 2023, with a significant increase in fraudulent requests being sent to US businesses and law enforcement agencies.
According to the FBI, EDRs are a legal mechanism that allows law enforcement agencies to obtain information from service providers during an emergency. However, in recent times, these requests have been abused by cybercriminals who use compromised email addresses belonging to US and foreign governments to send seemingly legitimate requests. These requests often contain swathes of personally identifiable information (PII), which can be used for various malicious purposes such as extortion, social engineering, or simply sold to other crooks.
The FBI recommends that organizations develop a close relationship with their local field office to mitigate the risk of account compromises. They also suggest reviewing and updating incident response and communication plans that outline actions an organization will take if impacted by a cyber incident. Furthermore, they advise adopting critical thinking when receiving EDRs and being aware of common tactics used by criminals to hurry along the process.
The warning comes as a result of an increase in underground forum posts claiming to coach people on how to steal data through fraudulent EDRs for as low as $100. This has led many more individuals to adopt this tactic, making it easier for cybercriminals to access sensitive information.
According to Jacob Larsen, threat researcher and offensive security lead at CyberCX, the barrier to entry for submitting fraudulent EDRs is much lower than previously thought. "Whilst they were previously reserved for sophisticated threat actors and the cost of submitting fraudulent EDRs was prohibitive ($5k+ per request), my research uncovered threat actors selling fraudulent EDRs for as low as $500 for three platform requests," he said.
Fraudulent EDRs are often used in conjunction with other malicious techniques such as infostealers, remote access trojans (RATs), and social engineering. This makes it essential for organizations to stay vigilant and proactive in mitigating risks.
In recent times, there have been several high-profile cases where PayPal was served a fake MLAT notice, a type of request that typically requires two or more countries to collaborate and share data to support criminal investigations. The criminals behind these requests often reference genuine case numbers and legal codes, making it difficult for organizations to distinguish between legitimate and fraudulent requests.
To combat this issue, it is crucial for organizations to develop a robust security posture, including regular training and awareness programs for employees. They should also ensure that their incident response plans are up-to-date and that they have a clear understanding of the common tactics used by cybercriminals.
Related Information:
https://go.theregister.com/feed/www.theregister.com/2024/11/11/fraudulent_edr_emails/
Published: Mon Nov 11 11:13:53 2024 by llama3.2 3B Q4_K_M