Following the offer for sale of high-quality government email addresses, with full credentials, on an underground cybercrime forum, with instructions on using them as part of an emergency data request attack for an additional $100, the Federal Bureau of Investigation has issued a warning to all email users. Suggesting that the credentials could be used for everything from espionage to data extortion or ransomware, the threat actor said that stolen subpoena documents enabling an attacker to pose as a law enforcement officer could also be purchased.
Compromised Government Email Credentials For Sale
The Federal Bureau of Investigation has released a Private Industry Notification, PIN 20241104-001, warning of an ongoing cyber attack trend that uses compromised U.S. and foreign government email addresses. The attack relies on fraudulent emergency data requests: because such requests are framed as urgent, a business may supply the information immediately and skip the additional review that would otherwise test the request's legitimacy, exposing sensitive information in the process.
The threat type itself, even as a particularly sophisticated and somewhat complex twist on simpler phishing attacks, is not new but the increased volume of postings offering both the compromised credentials themselves and the knowledge required to exploit them is.
The Email Compromise Crime Timeline
The FBI noted that the first sales related to the emergency data request hacking scam took place more than a year ago, in Aug. 2023. At that time, detailed instructions were being offered for $100 on the dark web. By Oct. 2023, another cyber criminal was offering compromised government email addresses to be used alongside these instructions; these, in effect, allowed the hacker to pass as a law enforcement officer for all intents and purposes. The methodology quickly came to be used as an initial access vector, sold by brokers to the ransomware trade. In Dec. 2023, campaigns using the method were uncovered in which supposed law enforcement officers or government officials claimed that an individual would likely die if the information was not provided immediately.
Fast forward to now, and cyber criminals claiming ownership of compromised government emails across 25 countries were offering the complete package, including U.S. credentials and the real but stolen subpoena documents.
FBI Mitigations Against Emergency Data Request Email Attacks
The FBI alert comes complete with mitigations as follows:
- Review the security posture of all third-party vendors associated with your organization.
- Monitor external connections.
- Implement an incident recovery plan.
- Apply critical thinking to any emergency data requests received.
- Use strong password protocols.
- Use secure password storage.
- Use two-factor authentication.
- Configure accounts according to the principle of least privilege.
- Secure Remote Desktop protocol usage.
- Segment networks.
- Keep all software and operating systems up to date.
Perhaps the most critical of all of these is, appropriately enough, to apply critical thinking. Fraudsters and hackers alike rely upon knee-jerk reactions, using time-constrained instructions, to get you to do something that ordinarily you might be suspicious of. Following the instructions in an emergency data request email out of the blue, without getting confirmation of origin and having a second pair of eyes to authenticate, is just the kind of scenario an attacker loves. Take this FBI warning seriously or it might just cost you dearly.
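The following added example (not from the FBI notice or this article) shows what "confirmation of origin" and "a second pair of eyes" look like as a triage step run on an inbound request before anyone releases records. It parses the message, records the SPF/DKIM/DMARC verdicts, flags a Reply-To that points away from the sender's domain, counts urgency phrases, and then deliberately holds every request for a callback to a number the organisation obtained independently. The agency domain, the callback directory and both sample messages are constructed placeholders; the central caveat it encodes is that a message sent from a hijacked but genuine government mailbox passes every email authentication check, so those checks alone can never be the release criterion.

```python
"""Triage of inbound emergency data requests (EDRs) before any disclosure.

Added example, not the FBI's or the article's code. Assumes the organisation
maintains its own list of agency domains and an independently obtained
callback directory; both are constructed placeholders here.
"""
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed placeholders: a real deployment populates these from an
# internally maintained directory, never from the request being assessed.
KNOWN_AGENCY_DOMAINS = {"example-agency.gov"}
CALLBACK_DIRECTORY = {
    "example-agency.gov": "+1-555-0100 (records desk, taken from the agency's own website)",
}

# Phrases typical of the pressure tactic described in the notice.
URGENCY_PATTERNS = (
    r"\bimminent\b", r"\bdeath\b", r"\bimmediately\b",
    r"\bwithin \d+ (?:minutes|hours)\b", r"\bwithout (?:further )?review\b",
)


def _domain(header_value):
    """Lower-cased domain of an address header, or '' when absent."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers."""
    results = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for mech in ("spf", "dkim", "dmarc"):
            m = re.search(rf"\b{mech}=([a-z]+)", str(hdr), re.I)
            if m:
                results[mech] = m.group(1).lower()
    return results


def triage_edr_email(raw_message):
    """Return triage findings for one raw message claiming to be an EDR."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_domain = _domain(msg.get("From"))
    reply_domain = _domain(msg.get("Reply-To"))
    body_part = msg.get_body(preferencelist=("plain",))
    text = body_part.get_content() if body_part else ""

    findings = {
        "from_domain": from_domain,
        "auth": auth_results(msg),
        # A Reply-To outside the sender's domain steers the conversation away
        # from the mailbox that would be monitored if it were hijacked.
        "reply_to_mismatch": bool(reply_domain) and reply_domain != from_domain,
        "urgency_hits": [p for p in URGENCY_PATTERNS if re.search(p, text, re.I)],
        "callback": CALLBACK_DIRECTORY.get(from_domain),
    }
    if from_domain not in KNOWN_AGENCY_DOMAINS:
        findings["verdict"] = "escalate_unknown_requester"
    else:
        # Passing SPF/DKIM/DMARC proves only that the mail left that domain's
        # infrastructure; a compromised agency mailbox passes all three, which
        # is exactly the case the notice describes. Urgency raises, never
        # lowers, the bar: the request is held until a second person confirms
        # it on the directory number, not on any number in the message.
        findings["verdict"] = "hold_for_out_of_band_verification"
    return findings


# Constructed sample: a hijacked-looking agency mailbox that passes all checks.
SAMPLE_EDR = """\
From: Records Unit <records@example-agency.gov>
Reply-To: case-officer@free-mail.example
To: lawful-requests@provider.example
Subject: EMERGENCY DATA REQUEST - imminent threat to life
Authentication-Results: mx.provider.example; spf=pass smtp.mailfrom=example-agency.gov; dkim=pass header.d=example-agency.gov; dmarc=pass
Content-Type: text/plain; charset=utf-8

Due to an imminent threat to life we require subscriber records immediately.
Respond within 2 hours. Do not delay for internal review.
"""

# Constructed sample: look-alike domain that is not in the directory at all.
SAMPLE_UNKNOWN = """\
From: records@example-agency-verification.net
To: lawful-requests@provider.example
Subject: Emergency data request
Content-Type: text/plain; charset=utf-8

Please send the account holder details as a matter of urgency.
"""

if __name__ == "__main__":
    for sample in (SAMPLE_EDR, SAMPLE_UNKNOWN):
        print(triage_edr_email(sample))
```

The verdict is deliberately never "release": the script produces the evidence a reviewer needs (authentication state, reply path, pressure language, the independently sourced callback number) and leaves the decision to the out-of-band confirmation the article calls for.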