Resecurity, a Los Angeles-based cybersecurity company that protects Fortune 500 companies globally, recorded an increase in malicious activity targeting law enforcement early in the second quarter of 2022. Threat actors are hacking emails and other accounts belonging to law enforcement and their systems.
The emerging trend is for threat actors to send fake subpoenas and EDRs (Emergency Data Requests) to their victims from hacked law enforcement email accounts. Using these capabilities, threat actors target big tech companies such as Apple, Facebook (Meta), Snapchat, and Discord, to name a few, to collect sensitive information about cyber targets of interest. Responses received by malicious actors contain sensitive details that could be, or are, used for extortion or cyber espionage purposes. Such incidents have become particularly notable in the activities of cybercriminal groups such as LAPSUS$ and Recursion Group.
Resecurity has observed several Dark Web marketplaces where cybercriminals monetize their efforts by selling credentials belonging to police officers from various foreign countries (emails, VPNs, SSO, etc.). An example of an email account previously used to send fake EDR requests on behalf of the Bangladesh Police was recently covered in a Bloomberg article illustrating the risk of such tactics.
According to expert opinion, one of the biggest concerns is the visible insecurity of law enforcement IT infrastructure, which creates a significant risk to our society, not only in cyberspace but also in real life. Organized crime, terrorists and extremist groups can exploit this access for malicious purposes.
The trend continues to grow in popularity as more law enforcement organizations have been hit by cyberattacks this month. Just recently, the Conti ransomware group claimed to have attacked the Intelligence Agency in Peru and leaked its data, which set an important precedent in the security community. DDOS Secrets, another notable group of threat actors, released 285,635 leaked Nauru Police emails.
The most typical scenarios involving attacks on law enforcement systems include:
- Protest activity (15%)
- Unauthorized access (25%)
- Cyber espionage (40%)
- Abuse of law enforcement systems and apps (8%)
- Data theft (12%)
According to published research, such malicious activity is particularly visible in countries in Latin America, Southeast Asia, and offshore jurisdictions. Last year, Resecurity recorded a targeted security incident linked to one of the law enforcement organizations in the Middle East and its counterpart facing one of the international police organizations.
“Sophisticated malicious actors and APT groups are actively targeting law enforcement around the world. Traditional cybercriminals are also an important part of this process, as state-sponsored actors can actively collaborate with them for new planned cyberattacks and targeted network intrusions. Investigating such incidents is a complicated process due to the high sensitivity involved,” said Christian Lees, CTO of Resecurity.
Resecurity is committed to protecting consumers and businesses worldwide and actively participates in public-private partnerships to share actionable cyber threat intelligence (CTI) with financial institutions, technology companies and law enforcement to minimize the risk of credentials being compromised and data breaches occurring.