FBI Warns Against Hackers Posing as Law Enforcement Agencies and Stealing Personal Information


The FBI has issued a warning that cybercriminals are fraudulently sending “Emergency Data Requests” (EDRs) while impersonating law enforcement (and other U.S. officials). EDRs are a legal way for police and other agencies to obtain information from businesses in an “emergency” situation without a warrant or subpoena.

EDRs are supposed to be used in life-or-death moments, but apparently hackers are using them to bypass corporate safeguards and quickly obtain sensitive data.

In its Notice to Private Companies, the FBI explains that unauthorized requests are on the rise. “The concept of unauthorized emergency data requests has long been used by other threat actors such as Lapsus$, but its use has increased due to an increase in postings in criminal forums about the emergency data request process and the sale of compromised credentials.”

The FBI has also noted that the use of EDRs has been increasing.

Lapsus$ was an extortion group that apparently pioneered the use of EDRs to obtain information.

According to the alert, the requests picked up again in August of this year, when a known cybercriminal posted on an online forum a sale of “high quality .gov emails for spying/social engineering/data extortion/dada requests etc.” that included US credentials. The poster noted that he could guide buyers through EDRs and sell stolen authentic subpoenas for posing as law enforcement officers.

The notice also mentioned other crimes involving hackers who “bragged” that they could procure leaks of government emails across 25 countries and obtain mountains of personal information.

The problem is that hackers are targeting businesses, which we as customers have no control over. The FBI has published a list of “mitigation measures” that businesses can use to reduce the damage caused by hackers.

These include double-checking the security posture of third-party connections that interact with the system, including external and remote connections. They also recommend paying attention to EDRs that emphasize the urgency of the request and checking details for inconsistencies or deceptions. For additional recommendations, see the entire list of mitigation measures beginning on page 3 of this document.

As with many data breaches and frauds, we have a degree of blind faith in the affected companies to protect our data. This means that we need to be vigilant when we see reports of data breaches or companies that have been hacked. We also want to pay attention to our mailboxes in case a company sends us a physical notification of an information breach.

In the event of a personal or financial data breach, you want to closely monitor all of your financial accounts for signs of fraud. If your Social Security number was also taken, fraudsters could use it to apply for loans, apply for jobs, or commit further crimes in your name. This is one of the many reasons why identity theft is so frightening and recovering from the damage is so difficult.

In addition, you want to pay attention to your inbox, messages, and social accounts, as hackers may try to use your information to get more out of you. Be on the lookout for emails from unknown senders or with blank subject lines. If it looks suspicious or tries to make you act urgently, do not reply, click on the link, or download the attachment. It is best to delete it.
