Easy Access to Information for Conducting Fraudulent Emergency Data Requests Impacts US-Based Companies and Law Enforcement Agencies
SUMMARY
The Federal Bureau of Investigation (FBI) is releasing this Private Industry Notification to highlight a trend of compromised US and foreign government email addresses being used to conduct fraudulent emergency data requests[a][b] to US-based companies, exposing personally identifying information (PII). While fraudulent emergency data requests were previously used by other threat actors, such as Lapsus$, the increase in postings on criminal forums regarding the process of emergency data requests and the sale of compromised credentials has led to an increase in their use. The FBI encourages organizations to implement the recommendations in the Mitigations section to reduce the likelihood and impact of fraudulent emergency data requests submitted in an attempt to gain unauthorized access to PII. Enhanced password protocols implemented in early 2023 highlighted that a mandated increase in password length, the use of multi-factor authentication (MFA) for users with administrative rights, policy controls directed at vishing, and improved baseline monitoring worked together to decrease successful attempts at cracking passwords and made networks more resilient to a threat actor's initial intrusion and persistence.
[a] An emergency data request can be used in emergency circumstances to request information immediately from a business, bypassing additional reviews of the request for legitimacy.
[b] While emergency data requests are viewed within the law enforcement community as entirely separate data requests, many cyber-criminals use this terminology interchangeably with letterhead memorandums (LHM), subpoenas, and Mutual Legal Assistance Treaties (MLAT).