FBI Issues Urgent Warning for Gmail, Outlook Users Amid $100 Government Emergency Data Email Hack


The Federal Bureau of Investigation (FBI) has issued a critical warning to Gmail, Outlook, and other email users following a surge in sophisticated attacks that exploit compromised government email credentials. According to the FBI, malicious actors have been offering stolen government email credentials on underground cybercrime forums for as little as $100. These credentials are accompanied by step-by-step guides on using them for fraudulent "emergency data requests" to gain unauthorized access to private information.

Emergency data requests are typically urgent requests for information, allowing the requester to bypass standard review protocols due to the supposed immediacy of the situation. Cybercriminals are exploiting this by posing as government officials or law enforcement personnel, leveraging the urgency of these requests to pressure businesses into releasing sensitive data without additional verification.

The FBI's alert, known as Private Industry Notification (PIN) 20241104-001, highlights that this tactic has been a rising threat, first sighted in mid-2023. By October of that year, compromised government email accounts were already being used to send fraudulent requests, with cybercriminals able to impersonate government officials. This method is not only used for traditional phishing but also serves as an entry point for ransomware attacks and data extortion.

With compromised email credentials from government officials across 25 countries now reportedly available on dark web forums, this type of attack has quickly become an attractive tool in the cybercriminal arsenal. The FBI warns that these emails, which may include real but stolen subpoena documents, have the potential to create devastating breaches of privacy and security across industries.

In a significant development, Interpol has announced the success of Operation Synergia II, which targeted a vast criminal network involved in email phishing, ransomware, and infostealer malware. This operation, conducted in collaboration with international law enforcement agencies, resulted in the takedown of 22,800 suspicious IP addresses, the seizure of 59 servers, and the confiscation of 43 devices including laptops and smartphones. A total of 41 individuals have been arrested, with investigations still ongoing for an additional 65 suspects.

This global operation, spanning 95 countries, underscores the scale and reach of modern cybercrime. The network in question utilized infrastructure distributed across more than 200 web hosting providers worldwide, enabling the widespread distribution of phishing emails designed to steal sensitive information and install malware.

Group-IB, a cybersecurity firm, played a crucial role in the operation by sharing threat intelligence that helped identify thousands of malicious servers. "Together, we’ve not only dismantled malicious infrastructure but also prevented hundreds of thousands of potential victims from falling prey to cybercrime," said Neal Jetton, director of the cybercrime directorate at Interpol. Dmitry Volkov, CEO of Group-IB, echoed these sentiments, emphasizing the importance of international cooperation in combating cyber threats.

Despite this victory, the FBI cautions that the battle against cybercrime is far from over. The agency urges organizations to remain vigilant and to follow recommended mitigations, including:

  • Regularly reviewing the security posture of third-party vendors
  • Monitoring external connections for suspicious activity
  • Implementing robust incident recovery plans
  • Applying critical thinking to emergency data requests
  • Using strong password protocols and secure password storage
  • Enforcing two-factor authentication
  • Configuring accounts according to the principle of least privilege
  • Securing Remote Desktop Protocol (RDP) usage
  • Segmenting networks
  • Keeping all software and operating systems up to date

Above all, the FBI stresses the importance of critical thinking when dealing with emergency data requests. Fraudsters rely on creating a sense of urgency to prompt hasty decisions. Ensuring that such requests are verified and authenticated by multiple parties can significantly reduce the risk of falling victim to these sophisticated scams.

The disruption of this extensive criminal network is a reminder of the persistent and evolving nature of cyber threats. By staying informed and adhering to cybersecurity best practices, individuals and organizations can better protect themselves against potential attacks.

You can read the original article here.

Cy-Napea® Team
Author
