FBI Warns Gmail, Outlook Users Of $100 Government Emergency Data Email Hack
by Davey Winder · Forbes
Update, Nov. 07, 2024: This story, originally published Nov. 06, now includes news of an Interpol operation that has shut down a massive email phishing and infostealer criminal network.
Following the offer for sale of high-quality government email addresses, with full credentials, on an underground cybercrime forum, with instructions on using them as part of an emergency data request attack for an additional $100, the Federal Bureau of Investigation has issued a warning to all email users. Suggesting that the credentials could be used for everything from espionage to data extortion or ransomware, the threat actor said that stolen subpoena documents enabling an attacker to pose as a law enforcement officer could also be purchased.
Compromised Government Email Credentials For Sale
The Federal Bureau of Investigation has released a Private Industry Notification, PIN 20241104-001, warning of an ongoing cyber attack trend that uses compromised U.S. and foreign government email addresses. The attack relies on fraudulent emergency data requests: because such requests demand that a business supply information immediately, their urgency is used to bypass the additional legitimacy reviews an ordinary request would receive, and sensitive information is exposed as a result.
The threat type itself, even as a particularly sophisticated and somewhat complex twist on simpler phishing attacks, is not new, but the increased volume of postings offering both the compromised credentials themselves and the knowledge required to exploit them is.
The Email Compromise Crime Timeline
The FBI noted that the first sales relating to an emergency data request hacking scam were more than a year ago, in Aug. 2023. At this time the detailed instructions were being offered for $100 on the dark web. By Oct. 2023, another cyber criminal was offering compromised government email addresses to be used alongside these instructions. These, in effect, allowed the hacker to pass as a law enforcement officer for all intents and purposes. The methodology was quickly adopted as an initial access vector and sold by brokers to the ransomware trade. In Dec. 2023, campaigns using the method were uncovered in which supposed law enforcement officers or government officials cited the likely death of an individual if the information was not provided immediately.
Fast forward to now, and cyber criminals claiming ownership of compromised government emails across 25 countries were offering the complete package, including U.S. credentials and the real but stolen subpoena documents.
FBI Mitigations Against Emergency Data Request Email Attacks
The FBI alert comes complete with mitigations as follows:
- Review the security posture of all third-party vendors associated with your organization.
- Monitor external connections.
- Implement an incident recovery plan.
- Apply critical thinking to any emergency data requests received.
- Use strong password protocols.
- Use secure password storage.
- Use two-factor authentication.
- Configure accounts according to the principle of least privilege.
- Secure Remote Desktop protocol usage.
- Segment networks.
- Keep all software and operating systems up to date.
Perhaps the most critical of all of these is, appropriately enough, to apply critical thinking. Fraudsters and hackers alike rely upon knee-jerk reactions, using time-constrained instructions, to get you to do something that ordinarily you might be suspicious of. Following the instructions in an emergency data request email out of the blue, without getting confirmation of origin and having a second pair of eyes to authenticate, is just the kind of scenario an attacker loves. Take this FBI warning seriously or it might just cost you dearly.
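The two controls the article singles out, confirmation of origin and a second pair of eyes, can be written down as an intake gate. The following is an added example, not code from the Forbes article or from the FBI notification, and every domain, name, phone number and message in it is constructed. It also makes explicit something the article implies: because the requests come from genuine, compromised government mailboxes, SPF, DKIM and DMARC all pass, so email authentication cannot tell a fraudulent emergency data request from a real one. Only an out-of-band callback to a number you look up yourself, plus a second reviewer, blocks the release.

```python
"""
Added example (not from the Forbes article or the FBI PIN): an intake gate
for emergency data requests (EDRs). Release requires all four of: a known
agency domain, a DMARC pass, an out-of-band callback, and a second reviewer.
All domains, names, numbers and messages below are constructed.
"""
import re
from dataclasses import dataclass, field
from email import message_from_string
from email.utils import parseaddr

# Constructed directory of agency domains and the callback numbers we
# maintain ourselves. Never use a phone number taken from the request.
AGENCY_DIRECTORY = {
    "police.example.gov": "+1-555-0100",
}

URGENCY_RE = re.compile(r"\b(immediately|imminent|within the hour|death)\b", re.I)


@dataclass
class EdrDecision:
    release: bool
    blockers: list = field(default_factory=list)  # reasons the data stays put
    flags: list = field(default_factory=list)     # observations for the reviewer


def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for m in re.finditer(r"\b(spf|dkim|dmarc)=([a-z]+)", header, re.I):
            verdicts[m.group(1).lower()] = m.group(2).lower()
    return verdicts


def triage_edr(raw_email, callback_confirmed=False, second_reviewer=None):
    """Decide whether an EDR may be fulfilled; see module docstring for rules."""
    msg = message_from_string(raw_email)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    verdicts = auth_results(msg)
    blockers, flags = [], []

    if domain not in AGENCY_DIRECTORY:
        blockers.append(f"sender domain {domain!r} is not a known agency domain")
    if verdicts.get("dmarc") != "pass":
        blockers.append("DMARC did not pass; sender may be spoofed")
    # A DMARC pass only proves the mail left that domain's mail system. A
    # compromised mailbox produces exactly that result, so authentication
    # never replaces the callback.
    if not callback_confirmed:
        number = AGENCY_DIRECTORY.get(domain, "the agency's published number")
        blockers.append(f"origin not confirmed by callback to {number}")
    if not second_reviewer:
        blockers.append("second reviewer has not signed off")
    if URGENCY_RE.search(msg.get_payload() or ""):
        flags.append("urgency language present; do not shortcut the review")

    return EdrDecision(release=not blockers, blockers=blockers, flags=flags)


# Constructed message from a legitimate-looking (compromised) agency mailbox.
SAMPLE_EDR = "\n".join([
    "From: Det. Jane Doe <jdoe@police.example.gov>",
    "To: legal@provider.example",
    "Subject: EMERGENCY DATA REQUEST",
    "Authentication-Results: mx.provider.example; spf=pass "
    "smtp.mailfrom=police.example.gov; dkim=pass header.d=police.example.gov; "
    "dmarc=pass header.from=police.example.gov",
    "",
    "Provide all subscriber records for account 4471 immediately.",
    "A life is at risk; there is no time for your usual process.",
])

# Constructed message from a lookalike domain that fails authentication.
SAMPLE_SPOOF = "\n".join([
    "From: Det. Jane Doe <jdoe@police-example.gov>",
    "To: legal@provider.example",
    "Subject: EMERGENCY DATA REQUEST",
    "Authentication-Results: mx.provider.example; spf=fail; dkim=none; dmarc=fail",
    "",
    "Provide all subscriber records for account 4471 immediately.",
])

if __name__ == "__main__":
    for label, raw in (("compromised mailbox", SAMPLE_EDR), ("spoof", SAMPLE_SPOOF)):
        d = triage_edr(raw)
        print(label, "release:", d.release, d.blockers, d.flags)
    print("after callback + second reviewer:",
          triage_edr(SAMPLE_EDR, callback_confirmed=True, second_reviewer="analyst-2").release)
```

Run as written, the compromised-mailbox message passes every authentication check and is still held, with the callback and second-reviewer blockers listed and the urgency wording flagged; it is released only once both are supplied. The lookalike spoof stays blocked even then, because the domain is unknown and DMARC failed. The urgency flag is deliberately informational rather than blocking: a real emergency also reads as urgent, so the point is to make the reviewer slow down, not to reject it.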
Operation Synergia II Takes Down Massive Email Phishing And Infostealer Criminal Network Across 95 Countries, 41 Arrests Made
There is some good news from law enforcement this week: a joint effort between Interpol and international agencies has disrupted a massive criminal enterprise encompassing email phishing threats, ransomware and infostealer malware. Operation Synergia II took down 22,800 suspicious IP addresses, seized control of 59 servers, confiscated 43 devices including laptops and smartphones, and led to the arrest of 41 individuals with a further 65 still under current investigation. To say that the operation was a success is something of an understatement.
One of the commercial partners involved in the operation was Group-IB, which shared threat intelligence tracking illegal cyber activity to help with the identification of thousands of the malicious servers. “Together, we’ve not only dismantled malicious infrastructure but also prevented hundreds of thousands of potential victims from falling prey to cybercrime,” said Neal Jetton, director of the cybercrime directorate at Interpol. “We are proud to have contributed to Operation Synergia II by supporting Interpol and law enforcement agencies from member countries in the disruption of malicious infrastructure and preventing cybercrimes,” said Dmitry Volkov, CEO of Group-IB.
The malicious infrastructure used by the threat actors was distributed across more than 200 web hosting providers worldwide. One can only imagine the number of phishing emails that were distributed during the course of this criminal campaign. Cybercrime is like a hydra with many heads; just because one has been removed doesn’t mean you are safe from the others. Keep alert to email threats and follow the mitigation advice from the FBI.