Changes to the NJ Threat Landscape

Summary

The NJCCIC observed attempts to deliver malware to NJ state employees consistent with open-source reporting, as well as an increase in incident reports from NJ businesses, organizations, and citizens.  These malicious attempts include phishing emails, banking and information stealers, and ransomware, or a combination of these. Of interest and worth highlighting are email campaigns intending to deliver both trojans and ransomware. These emails include Microsoft Word or Excel attachments that, if clicked and macros are enabled, will download both the Zloader banking trojan and Buran/Zeppelin ransomware. The subject line of these emails contains key words, such as documents, papers, files, and info. Furthermore, over the past week, there has been a substantial increase in incident reports submitted to the NJCCIC, particularly related to ransomware. The variants implicated in these ransomware incidents are atypical and less prevalent than those commonly reported to the NJCCIC. 

Recommendations

The NJCCIC recommends users and organizations educate themselves and others on these continuing threats and tactics to reduce victimization. Users are advised to exercise caution with links and attachments received from unknown contacts, navigate directly to authentic vendor websites, keep applications up to date, enable multi-factor authentication where available, implement a defense-in-depth cybersecurity strategy, ensure a comprehensive data backup plan is established, and apply the additional recommendations provided in the NJCCIC Ransomware: Risk Mitigation Strategies guide. We also recommend reviewing the NJCCIC product Don’t Take the Bait! Phishing and Other Social Engineering Attacks and the NJCCIC’s Cybersecurity Best Practices webpage for more information on how to keep accounts and data safe.