Cybercriminals rarely choose law enforcement as a direct target. However, according to a new survey by cybersecurity firm Resecurity, there was a significant increase in malicious activity against law enforcement agencies globally at the beginning of the second quarter of 2022. Attackers are keen to break into the email and other account systems of law enforcement officials and their insiders. The writer therefore warns law enforcement to do its best at data disaster recovery.
The most common cyberattacks against law enforcement include attackers sending fake subpoenas and EDRs (Emergency Data Requests) to victims from hacked law enforcement email accounts. In this way, attackers were able to obtain more sensitive information on targeted users of major tech companies such as Apple, Facebook (Meta), Snapchat and Discord, including details that could be or are being used for extortion or cyber espionage. Such incidents are particularly prominent in the activities of cybercriminal groups such as LAPSUS$ and the Recursion Group.
Global law enforcement data breaches hit peak
Resecurity investigated multiple darknet markets where cybercriminals profit by selling credentials (emails, VPNs, SSOs, credentials, keys, etc.) belonging to the police of different countries. The price of such accounts is usually no different from other stolen accounts, ranging from $20 to $35, but in some cases accounts with greater access may be sold for $1,000 to $10,000.
In 2021, outlaws released data purportedly from an unnamed law enforcement system in Turkey. It is worth noting that as early as six years ago, a hacker under the pseudonym ROR released a large amount of data belonging to the database of the Turkish National Police, which is believed to contain a large amount of sensitive private information.
A Bloomberg article not long ago reported that hackers posed as Bangladesh police (but using real police mail accounts) to send emails with fake EDR requests, illustrating the enormous risks of this attack tactic.
On July 5, 2022, attackers provided access to Indian law enforcement portals and Indian government resources. Based on further analysis, it is likely that the credentials and related data provided by the attackers have been leaked by password stealers such as Mars Stealer, X-Files Stealer or Azorult.
The attackers also released a database of road traffic and vehicles in Kazakhstan that they may have obtained from law enforcement systems. This access allows for “lookup” of car numbers, vehicle registrations, and other PII related to citizens. Such information is also available for a fee on the dark web in different geographic regions. “Inquiry” fees range from $50 to $250.
According to experts, one of the biggest concerns in the cybersecurity industry right now is the existence of glaring security gaps in the IT infrastructure of law enforcement, which poses significant risks to society, not only in cyberspace but also in real life. In this way, organised crime, terrorist and extremist groups may use such access for malicious purposes.
For example, cybercriminals are beginning to abuse law enforcement databases and offer various illegal services on the dark web, posing significant risks to user privacy. Using unauthorized access or internal contacts, they were able to extract sensitive information and monetize it underground. On July 3, 2022, investigators discovered that there were criminals selling the “find” service for 500 euros (per query/per person).
The trend continues as more law enforcement organizations are affected by cyberattacks this month. Just recently, the Conti ransomware group claimed to have attacked Peru’s intelligence services and leaked their data, setting an important precedent in the security community. Another well-known threat group, DDOS Secrets, has released 285,635 leaked emails from Nauru police.
Five Attack Scenarios Against Law Enforcement
The most typical scenarios currently involving attacks on law enforcement systems around the world include:
Unauthorized access (25%)
Cyber espionage (40%)
Law enforcement system and app abuse (8%)
Data theft (12%)
According to published research, such malicious activity is particularly evident in Latin America, Southeast Asian countries, and offshore jurisdictions. Last year, hacking groups attacked two law enforcement groups in the Middle East under the noses of an international police group.
“Sophisticated attackers and APT groups are actively targeting law enforcement agencies around the world. Traditional cybercriminals are also actively involved, as state-sponsored actors may be actively working with them for further planned cyberattacks and targeted cyber intrusions. The investigation of such incidents is a complex process due to the significant sensitivities involved,” Resecurity noted.
With regular reports of ransomware attacks and of firms from all walks of life being targeted, cybersecurity is becoming an increasingly important issue for businesses to focus on. You must secure your data regardless of your industry. Only by assuring the security of enterprise data can we provide adequate protection for consumers and ourselves, as well as keep the enterprise operating smoothly. Virtual machine backup is a common data protection method these days. Many businesses use VMware Backup to preserve their data since it is simple to maintain and inexpensive.