Fake emergency data requests (EDRs) are the cyber threat under discussion. Hackers are using cookies to manipulate data requests, and social media and IT firms are not left out.
Among the countless vulnerabilities we have today, cookie exploits are among the dangerous ones. Cookies are a default mechanism for browsing the web. Fake “Emergency Data Requests” are a terrifying method of conducting criminal activities.
Government bodies, police departments and other private services across the map are suffering from the fraudulent activities of threat actors. Two of the largest tech firms, Facebook from Meta and Apple Inc., were victims of cookie exploits where user data was compromised. According to Bloomberg, Apple and Meta gave out customer information such as phone numbers, IP addresses, and physical addresses while being compromised.
While we are pretty familiar with different variants of cyber-attacks, cookie exploits directly impacting big tech are new. There was a different version of cookie modification where users could remove their browsing cookies for privacy or conduct experimental activities. Conversely, cookie data can reveal sensitive information such as personal identifiers, transactions, etc.
EDRs are used by law enforcement agencies and the government in collaboration with telecommunication companies and technology service providers for particular customers. There is no need for a subpoena for this data disclosure. The procedure is used when the case is too severe or a life-and-death situation. Considering this, we can see what type of data it can leak and, in the wrong hands, how devastating it can be.
Due to these sudden circumstances, the Federal Law investigation authority has given unconditional attention to the new variant of exploit making headlines. Most major companies with an online presence serve many customers, most of whom receive the services online. Even though the companies routinely review and process requests, the requests are typically granted by default. As proper documentation, validation data is matched with the data stored on servers. There are also authentication methods that remove the hassle of checking multiple times whether the services are appropriate. This has crippled some of the tactical or conventional ways we search for vulnerabilities.
As hackers get more intelligent, they leave the typical ways of looking for vulnerabilities and figure out there is no quick and easy way to exploit them. After gaining access to critical email addresses, hackers send fake EDRs and an attestation, so that regular individuals like us suffer.
According to former US Department of Justice prosecutor Mark Rasch, “there is no real mechanism defined by most internet service providers or tech companies to test the validity of a search warrant or subpoena.” So, if a request just looks right, companies and regular people fall for it. Who would question a government inquiry, right?
A ransomware group called “Hive” recently stole 850,000 personally identifiable information (PII) records using the same tactics. Records from non-profit healthcare can make for a messy situation. The healthcare group is in partnership with HealthPlan of California.
According to information shared by the healthcare group, third-party forensic investigators are still looking at the incidents and were not interested in sharing further information. The FBI and security researchers started paying attention to the new exploit in June 2021, when ransomware attacks on healthcare started to rise.
Shutterfly fell victim to a similar attack in 2021, in which cybercriminals stole employee data. Documents filed with the California Attorney General’s office talked about “unauthorised third-party” access.
The official statement from Shutterfly Inc. is published here.
The EDR vulnerability needs proper attention, and services should reconsider the information gathering that their pushed browser settings enable. An account named “InfinityRecusion” posted an offer to sell a government email for $150, which “can be used for a subpoena for many companies such as Apple, Uber, Instagram, etc.”