Cybernews reports that the FBI has warned U.S. companies about a spike in fraudulent emergency data requests (EDRs) that spoof law enforcement agencies to compromise sensitive information, a trend that persists despite the disruption of the Lapsus$ threat operation.
The most recent evidence of increasing EDR exploitation was an August posting of "high-quality" .gov emails, including U.S. credentials, on a hacking forum, with the known threat actor offering guidance on EDRs and the sale of legitimate subpoena documents for impersonating law enforcement, according to the FBI. Other schemes involved a cybercriminal operation claiming ownership of government emails across more than 25 countries, as well as threat actors delivering fake EDRs and helping to create and submit phony EDRs to infiltrate any account on social media sites. The growth in EDR exploitation should prompt increased vigilance among organizations, which have been urged to critically examine the legal codes cited in the EDRs they receive and to evaluate the security postures of their third-party vendors.