Threat Analysis Reports

View our latest publications below. You can also register for our NJCCIC membership, and we'll deliver these alerts straight to your inbox.

TLP: WHITE | The NJCCIC assesses with high confidence that software supply chain vendors are at risk from local and foreign threat actors who infiltrate the strong security systems of organizations by exploiting an established and trusted distribution channel. General software update attacks can lead to supplementary targeted campaigns of ...

TLP: WHITE | The NJCCIC assesses with high confidence that the maritime sector, to include ports, vessels, and shipping companies across the globe, will remain an attractive target for a range of cyber-attacks designed to disrupt daily operations, steal sensitive data, instill fear in the community, and hold critical operational ...

TLP: WHITE | The NJCCIC assesses with high confidence that educational institutions across the globe will remain attractive targets for a range of cyber-attacks designed to disrupt daily operations, steal sensitive data, instill fear in the community, and hold critical operational data for ransom. Summary In October 2017, the US ...

TLP: WHITE | The NJCCIC assesses with high confidence that organizations with insecure remote access configurations, including remote desktop protocol (RDP), Telnet, and SSH ports, on internet-facing servers are at an increased risk of network compromise, potentially resulting in data theft or network-wide ransomware infections. Summary Since late 2016, the ...

TLP: WHITE | The NJCCIC assesses with high confidence that capable threat actors—both politically-motivated state actors and their proxies, as well as profit-driven criminals—will increasingly leverage supply chain compromises to conduct network intrusions and attacks. These incidents could result in the exfiltration, manipulation, or destruction of data and disruption to ...

TLP: WHITE | The NJCCIC assesses with high confidence that many organizations, in both the public and private sectors, continue to operate web applications (apps) and servers that are vulnerable to exploitation or attacks that could result in unauthorized access, disruption of services, theft of customer information, or manipulation of ...

TLP: WHITE | The NJCCIC assesses with high confidence that fileless and “non-malware” intrusion tactics pose high risk to organizations, both public and private, and will be increasingly employed by capable threat actors intent on stealing data or establishing persistence on networks to support ongoing espionage objectives or to enable ...

TLP: WHITE | The NJCCIC assesses with high confidence that organizations with insecure remote desktop protocol (RDP) configurations on their networks are at risk of infection with CrySiS ransomware and other variants that opportunistically seek out networks with poorly authenticated RDP access. Summary Since the beginning of 2017, 64 percent ...

TLP: WHITE | The NJCCIC assesses with high confidence that ransomware extortion incidents will likely result in greater operational disruptions, permanent data loss, and higher financial payouts in 2017, as profit-motivated cybercriminals increasingly seek higher profile targets—with more critical data and time-sensitive operations—raising the likelihood of larger ransom payments. Summary ...

TLP: WHITE | The NJCCIC assesses with high confidence that botnets formed by compromised ‘internet-of-things’ (IoT) devices will almost certainly lead to more frequent, more disruptive distributed denial of service (DDoS) attacks, many of which will initially lack a clear motive behind the selection of targets. Summary While state-sponsored actors ...

TLP: WHITE | The NJCCIC assesses with high confidence the cyber threat and overall risk to the healthcare industry is high and increasing. In contrast to the large insurance breaches of 2015, assessed to be the work of Chinese threat actors conducting industrial espionage to support their largely state-run healthcare ...

TLP: WHITE | The NJCCIC assesses with high confidence the greatest threats to US critical infrastructure are unpatched vulnerabilities, customized malware with no known signatures, and the compromise of user credentials to facilitate remote exploitation of network tools such as Remote Desktop Protocol. Summary Standard antivirus solutions and passive defense ...

TLP: WHITE Summary The NJCCIC assesses with high confidence that financially motivated cyber threats targeting American consumers’ payment cards will remain high until the vast majority of point-of-sale (PoS) terminals in the United States are updated and certified to complete Europay, MasterCard, and Visa (EMV) transactions, as well as mobile ...

TLP: WHITE Summary The NJCCIC assesses with high confidence that a broad range of criminals, malicious hackers, and violent extremists will increasingly utilize the dark web—the underground Internet only accessible via special software that maintains the anonymity of users—to facilitate illicit activity, which will present threats to public safety as ...

TLP: WHITE Summary The NJCCIC assesses with high confidence that many businesses, schools, government agencies, and home users will remain at high risk of ransomware infections throughout 2016, as financially-motivated hackers continue to innovate and expand the targeting scope of their extortion campaigns. The most prevalent form of this profit-driven ...

TLP: WHITE Summary Intelligence agencies and cybersecurity researchers are investigating a power outage that occurred in Western Ukraine on December 23, specifically whether or not malware discovered on the targeted utility’s network played a direct role in impacting the electric grid. If malware is confirmed to have caused the outage, ...

TLP: WHITE Summary The NJCCIC assesses with high confidence that profit-motivated cyber extortion schemes such as ransomware and ransom-demanding distributed denial of service (DDoS) threats are likely to persist as effective and lucrative criminal tactics into 2016, with cumulative US losses likely to continue climbing into the hundreds of millions ...

TLP: WHITE Summary The NJCCIC assesses with moderate confidence that many websites remain at high risk of cross-site scripting (XSS), one of the most commonly exploited web application security vulnerabilities. XSS is a code injection tactic – similar to SQL injection – in which a hacker inputs malicious code into a legitimate web ...

TLP: WHITE Summary The NJCCIC assesses that organizations using Structured Query Language (SQL) for database management systems are at a high risk for SQL injection (SQLi) attacks unless the appropriate mitigation strategies are applied. SQL is the standard computer language used to conduct various functions such as querying ...

TLP: WHITE Summary On October 13, 2015, a New Jersey business discovered an infection of a point-of-sale (PoS) malware variant, detected by antivirus software as lanst.exe, one of many variants commonly known as Dexter. It remains definitively unclear how an employee laptop was initially exposed to the malware, though the ...

TLP: WHITE Summary The NJCCIC assesses with high confidence that vulnerabilities, exploits, and malware variants targeting the Android operating system (OS) will continue to proliferate as Android maintains a majority share of the global mobile device market and users increasingly rely on mobile devices for email, web browsing, banking, and ...

TLP: WHITE Summary The NJCCIC assesses New Jersey’s higher education institutions are increasingly attractive targets for a range of cyber threat actors due to the breadth and value of data available on their largely accessible and often vulnerable networks. One of the key cybersecurity challenges facing universities stems from their reliance ...

TLP: WHITE Summary The NJCCIC assesses with high confidence the cyber risk to the oil and gas industry is high and the energy sector at large is a priority target of foreign intelligence services. While state-sponsored groups have demonstrated the capability to launch cyberattacks that cause physical damage to energy ...

TLP: WHITE Summary For several years, cybersecurity firms and the U.S. intelligence community have warned of the increasing frequency and scope of targeted cyber-attacks conducted by state-sponsored actors and sophisticated cyber-criminal groups – often referred to as Advanced Persistent Threats, or APTs. These groups are known to be well-resourced and ...

TLP: WHITE Summary Since first appearing around 2006, exploit kits (EK) have evolved into one of the most prevalent web-based vectors for malware distribution and a threat facing nearly all internet users. An EK is a malicious toolkit designed to distribute different malware variants by exploiting common vulnerabilities found in outdated ...

TLP: WHITE Summary Point-of-Sale (PoS) malware breaches attracted wide media coverage throughout 2014 when at least thirteen major U.S. retailers suffered payment card data breaches, the largest affecting approximately 110 million customers. Although PoS incidents have largely remained out of the headlines thus far in 2015, payment card breaches have ...

TLP: WHITE Summary Critical infrastructure sites are increasingly vulnerable to cyberattack as the systems that run them become more accessible, interconnected, and reliant on cyberspace. The risks posed to Industrial Control System and Supervisory Control and Data Acquisition (ICS/SCADA) systems will continue to heighten as new and existing vulnerabilities are ...

TLP: WHITE Summary The NJCCIC assesses ransomware infections will continue to increase steadily and pose a threat to the public and private sector, as well as home users, as the technical barriers to conduct these cybercrime campaigns continue to drop and the return on investment for cybercriminals remains extremely high. ...

TLP: WHITE Summary China’s ability to access four million federal employees’ personal information within the US Office of Personnel Management (OPM)—including social security numbers, job assignments, performance ratings, and training history—highlights Beijing’s status as the US’s leading cyber adversary. The breach, which OPM detected in April, does not appear to ...

TLP: WHITE Summary Patients’ and employees’ medical, personal, and financial data are increasingly attractive to cyber criminals because of the elevated value of healthcare data on the black market, as well as the health sector’s rapid transition to electronic health records and patchy security standards. Last year, the healthcare sector ...

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov

OUR COMMITMENT

The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.