FBI issues alert over hackers posing as law enforcement to steal private information
Fake requests being used to steal sensitive data
The FBI has put out a warning that cybercriminals are pretending to be law enforcement (and other U.S. officials) to send out fraudulent "emergency data requests" (EDR). An EDR is a legal way for police and other agencies to obtain information from companies in "emergency" situations without a warrant or a subpoena.
An EDR is supposed to be used in life-or-death moments, but apparently hackers are using them to get around company safeguards and obtain sensitive data quickly.
In the FBI's Private Industry Notification, the Bureau explained that there has been an uptick in fraudulent requests. "While the concept of fraudulent emergency data requests was previously used by other threat actors, such as Lapsus$, the increase in postings on criminal forums regarding the process of emergency data requests and sale of compromised credentials has led to an increase of their use."
The threat actor Lapsus$ was an extortion group that apparently pioneered the use of fraudulent EDRs to gain information.
According to the alert, the uptick in requests started in August of this year, when a known cybercriminal on an online forum posted their sale of "High-Quality .gov emails for espionage/social engineering/data extortion/Dada requests, etc," which included US credentials. The poster indicated they could guide a buyer through EDRs and sell real stolen subpoena documents to help them pose as a law officer.
The notice also mentions other crimes, including hackers who procured compromised government emails across 25 countries and "boasted" about being able to obtain piles of private information.
The problem is that the hackers are targeting companies, something we as buyers don't have control over. The FBI did put out a list of "mitigations" that companies can use to reduce hacker harm, and if you work in a company that deals with sensitive data, perhaps those mitigations will be of use to you.
These include double-checking the security posture of connections with third parties that interact with their systems, including external and remote connections. They also suggest being wary of EDRs that stress the urgency of the request and checking the details for inconsistencies or doctoring. See the entire mitigation list starting on page 3 of this document for more recommendations.
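The FBI's mitigations above (look for inconsistencies, treat urgency as a red flag, verify through a channel you already trust rather than one the message supplies) can be turned into a first-pass triage step for an inbound request. The following Python is an added example, not code from the article or the FBI notice; the agency registry, domains, phone number and both messages are constructed for illustration.

```python
import email
import email.utils
import re
from email import policy

# Constructed registry (hypothetical): agencies whose EDR channel and callback number
# were confirmed out of band. Entries never come from an inbound message.
VERIFIED_AGENCIES = {"example-pd.gov": {"callback": "+1-555-0100"}}

URGENCY = re.compile(r"\b(immediately|within the hour|life[- ]or[- ]death|do not delay|asap)\b", re.I)
CASE_REF = re.compile(r"\b(case|incident|reference)\s*(no\.?|number|#)\s*[:#]?\s*\S+", re.I)


def triage_edr(raw_message: str) -> dict:
    # Flag inconsistencies in an inbound EDR and name the only contact allowed for verification.
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender = email.utils.parseaddr(msg.get("From", ""))[1].lower()
    reply_to = email.utils.parseaddr(msg.get("Reply-To", msg.get("From", "")))[1].lower()
    sender_domain, reply_domain = sender.rpartition("@")[2], reply_to.rpartition("@")[2]
    text = (msg.get("Subject", "") or "") + "\n" + msg.get_content()
    flags = []
    if sender_domain not in VERIFIED_AGENCIES:
        flags.append("sender domain is not a verified agency")
    if reply_domain != sender_domain:
        flags.append(f"Reply-To domain '{reply_domain}' differs from sender domain '{sender_domain}'")
    if URGENCY.search(text):
        flags.append("urgency language present")
    if not CASE_REF.search(text):
        flags.append("no case or reference number to verify")
    # Contact details quoted inside the message are never used for the callback.
    contact = VERIFIED_AGENCIES.get(sender_domain, {}).get("callback")
    return {"hold": bool(flags), "flags": flags,
            "verify_via": contact or "no verified contact on file; escalate to legal"}


# Constructed sample: a verified sender domain, but replies routed to a look-alike domain.
SUSPICIOUS_EDR = """\
From: Jane Smith <det.smith@example-pd.gov>
Reply-To: edr-unit@example-pd-mail.com
Subject: URGENT Emergency Data Request

Release all subscriber records for the account below immediately.
"""

# Constructed sample: consistent headers and a case reference the callback can confirm.
ROUTINE_EDR = """\
From: records@example-pd.gov
Subject: Emergency Data Request, case number 2024-0001

Please see the attached signed request. Case number: 2024-0001.
"""
```

Even a request with no flags is still held until the callback to the registry number confirms it; the check only decides how loudly to escalate.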
How to stay safe
As with many data breaches and fraudulent activities, we are putting some amount of blind faith in the affected companies to protect our data. This means that we need to be vigilant when we see reports of data breaches and hacked companies. You'll also want to pay attention to your mailbox in case the company sends you a physical notice of a breach.
If your personal or financial data was exposed, you'll want to carefully monitor all of your financial accounts for signs of fraud. If your Social Security number was lifted too, fraudsters can use it to sign up for loans, apply for jobs or commit more crimes in your name. It is one of the many reasons that identity theft is scary and quite difficult to recover from.
Additionally, you will want to pay attention to your inbox, messages and social accounts, as hackers can use your information to pry more out of you. Watch out for emails from unknown senders or with blank subject lines. If something looks suspicious or tries to get you to act with urgency, don't respond, click any links or download attachments these emails might contain. It's best just to delete them.
Scott Younker is the West Coast Reporter at Tom's Guide. He covers all the latest tech news. He's been involved in tech since 2011 at various outlets and is on an ongoing hunt to build the easiest-to-use home media system. When not writing about the latest devices, you are more than welcome to discuss board games or disc golf with him.