Decrypt LOL

FBI Reports Increase in Misuse of Emergency Data Requests


Quick take - The FBI has reported a notable increase in the misuse of Emergency Data Requests (EDRs) as of late 2023. It has issued a notification to U.S. businesses and law enforcement about the risks of fraudulent requests that exploit compromised email addresses and lead to unauthorized access to personally identifiable information.

Fast Facts

  • The FBI has reported a significant rise in the misuse of Emergency Data Requests (EDRs) as of late 2023, prompting a Private Industry Notification to alert businesses and law enforcement.
  • EDRs allow law enforcement to obtain critical information from service providers during emergencies without a subpoena, but their misuse has led to the unvetted release of personally identifiable information (PII).
  • Criminals are exploiting EDRs using compromised email addresses to send fraudulent requests, with underground forums offering guidance for as little as $100.
  • Organizations are advised to verify the validity of EDRs, scrutinize documents for tampering, and strengthen relationships with local FBI offices to mitigate risks.
  • The cost of submitting fraudulent EDRs has decreased, making them more accessible to cybercriminals, who often use them alongside other malicious methods.

FBI Reports Rise in Misuse of Emergency Data Requests

The Federal Bureau of Investigation (FBI) has reported a significant rise in the misuse of Emergency Data Requests (EDRs) as the year 2023 nears its end. This trend, initially observed in August 2023, has led the FBI to issue a Private Industry Notification intended to alert U.S. businesses and law enforcement agencies about the growing issue.

Understanding Emergency Data Requests

EDRs are a legal tool that allows law enforcement to obtain crucial information from service providers during emergencies without requiring a subpoena. The information accessible through EDRs includes ownership details of websites and phone numbers. The misuse of EDRs gained notable attention after infosec journalist Brian Krebs reported on the issue in 2022. The FBI’s recent warning highlights a steady increase in underground forums offering guidance on exploiting EDRs for as little as $100.

Criminals are increasingly using compromised email addresses from both U.S. and foreign governmental entities to send fraudulent requests that appear legitimate. This has resulted in the unvetted release of personally identifiable information (PII) from U.S. businesses, making them vulnerable to various criminal activities, including extortion and social engineering. Cybercriminal groups, such as Lapsus$, have notably employed this technique, raising alarms about potential risks.

Recommendations for Organizations

The FBI’s notification aims to increase awareness about preventing account compromises. However, it does not specifically identify fraudulent EDRs. Organizations are encouraged to establish stronger relationships with local FBI field offices to mitigate risks associated with EDRs. They are also advised to review and update their incident response and communication plans in light of these evolving cyber threats.

Not all fraudulent EDR submissions result in successful data retrieval; some requests are denied. For example, PayPal received a fake Mutual Legal Assistance Treaty (MLAT) notice in March referencing a child trafficking investigation, but it was ultimately unfulfilled. The FBI recommends that companies receiving EDRs verify the validity of the legal codes referenced to prevent unauthorized data release.

Safeguarding Against Fraud

To safeguard against potential fraud, the FBI advises organizations to exercise critical thinking when evaluating EDRs. Reviewers should scrutinize documents for signs of tampering, such as altered signatures or logos. They should also ensure that legal codes in EDRs align with expectations from the originating authority. Discrepancies should raise suspicion, and the FBI suggests contacting the sender or the originating authority for clarification if doubts arise.

Threat researcher Jacob Larsen has highlighted that EDRs remain widely used and have become more accessible to a broader range of cybercriminals. The cost of submitting fraudulent EDRs has significantly decreased, facilitating exploitation. Additionally, EDRs are often used in conjunction with data obtained through other cybercriminal methods, such as infostealers and remote access trojans (RATs), further complicating the landscape of cybersecurity threats facing organizations today.
