FBI: Easy Access to Information for Conducting Fraudulent Emergency Data Requests Impacts US-Based Companies and Law Enforcement Agencies


The Federal Bureau of Investigation (FBI) is releasing this Private Industry Notification to highlight a trend of compromised US and foreign government email addresses used to conduct fraudulent emergency data requests to US-based companies, exposing personally identifying information (PII).

While the concept of fraudulent emergency data requests was previously used by other threat actors, such as Lapsus$, the increase in postings on criminal forums regarding the process of emergency data requests and sale of compromised credentials has led to an increase of their use. The FBI encourages organizations to implement the recommendations in the Mitigations section to reduce the likelihood and impact from submission of fraudulent emergency data requests to attempt to gain unauthorized access to PII.

Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division


Sign up for our Newsletter


Related:

  • States vie for Israeli cyber security investment as CyberGym heads downunder

    February 20, 2017

    State governments are jostling to win a major cyber security investment from the multibillion-dollar Israeli government-owned electricity company, as the business implications of Prime Minister Benjamin Netanyahu’s first Australian visit begin to take shape. Ofer Bloch, chief executive of the Israel Electric Corporation (IEC), was in Australia with the Prime Minister’s accompanying delegation of business leaders ...

  • Study reveals cybersecurity readiness gaps in US oil and gas industry

    February 16, 2017

    A survey of US oil and gas cybersecurity risk managers indicates that the deployment of cybersecurity measures in the industry isn’t keeping pace with the growth of digitalization in oil and gas operations. In a study from the Ponemon Institute – The State of Cybersecurity in the Oil & Gas Industry: United States – just ...

  • Government Needs To Take Immediate Actions To Strengthen US Cybersecurity, GAO Says

    February 14, 2017

    Testifying before the House Subcommittee on Research and Technology, Committee on Science, Space and Technology today, Gregory C. Wilshusen, Director, Government Accountability Office (GAO) Information Security Issues, warned GAO “has consistently identified shortcomings in the federal government’s approach to ensuring the security of federal information systems and cyber critical infrastructure, as well as its approach to protecting ...

  • Cybersecurity alliance promoting intel-sharing seeks to expand

    February 14, 2017

    Hackers have probably had a harder time slipping past your security software, thanks to an alliance between some of the top vendors in the industry. The Cyber Threat Alliance, a group of security firms that often compete, says its efforts to share intelligence on the latest hacking threats have been paying off. Rivals including Fortinet, Intel Security, ...

  • Incident Response Plans: A Comparison of US Law, EU Law and Soon-To-Be EU Law

    February 3, 2017

    The best way to handle any emergency is to be prepared. When it comes to data breaches, incident response plans are the first step organizations take to prepare. In the United States, incident response plans are commonplace. Since 2005, the federal banking agencies have interpreted the Gramm-Leach-Bliley Act as requiring financial institutions to create procedures for ...

  • Pentagon Servers Flawed, Easy to Hack

    February 1, 2017

    The U.S. Department of Defense could be at risk of being attacked by hackers quite easily, one security researcher warns. According to ZDNet, who cites Dan Tentler, founder of cybersecurity firm Phobos Group, several misconfigured servers run by the DoD could allow hackers easy access to internal government systems. That includes foreign actors eager to find ...