The NJCCIC assesses with high confidence that educational institutions across the globe will remain attractive targets for a range of cyber-attacks designed to disrupt daily operations, steal sensitive data, instill fear in the community, and hold critical operational data for ransom.
The NJCCIC assesses with high confidence that organizations with insecure remote access configurations, including remote desktop protocol (RDP), Telnet, and SSH ports, on internet-facing servers are at an increased risk of network compromise, potentially resulting in data theft to network-wide ransomware infections.
The NJCCIC assesses with high confidence that capable threat actors—both politically-motivated state actors and their proxies, as well as profit-driven criminals—will increasingly leverage supply chain compromises to conduct network intrusions and attacks. These incidents could result in the exfiltration, manipulation, or destruction of data and disruption to daily operations and business continuity.
The NJCCIC assesses with high confidence that many organizations, in both the public and private sectors, continue to operate web applications (apps) and servers that are vulnerable to exploitation or attacks that could result in unauthorized access, disruption of services, theft of customer information, or manipulation of data.
The NJCCIC assesses with high confidence that fileless and “non-malware” intrusion tactics pose high risk to organizations, both public and private, and will be increasingly employed by capable threat actors intent on stealing data or establishing persistence on networks to support ongoing espionage objectives or to enable future acts of sabotage.
The NJCCIC assesses with high confidence that ransomware extortion incidents will likely result in greater operational disruptions, permanent data loss, and higher financial payouts in 2017, as profit-motivated cybercriminals increasingly seek higher profile targets—with more critical data and time-sensitive operations—raising the likelihood of larger ransom payments.
The NJCCIC assesses with high confidence the cyber threat and overall risk to the healthcare industry is high and increasing. In contrast to the large insurance breaches of 2015, assessed to be the work of Chinese threat actors conducting industrial espionage to support their largely state-run healthcare industry, profit-motivated hackers pose the greatest threat to the majority of healthcare organizations today.
The NJCCIC assesses with high confidence the greatest threats to US critical infrastructure are unpatched vulnerabilities, customized malware with no known signatures, and the compromise of user credentials to facilitate remote exploitation of network tools such as Remote Desktop Protocol.
The NJCCIC assesses with high confidence that financially motivated cyber threats targeting American consumers’ payment cards will remain high until the vast majority of point-of-sale (PoS) terminals in the United States are updated and certified to complete Europay, MasterCard, and Visa (EMV) transactions, as well as mobile payments.
The NJCCIC assesses with high confidence that a broad range of criminals, malicious hackers, and violent extremists will increasingly utilize the dark web—the underground Internet only accessible via special software that maintains the anonymity of users—to facilitate illicit activity, which will present threats to public safety as threat actors can securely communicate, conspire, and acquire materials or know-how.
The NJCCIC assesses with high confidence that profit-motivated cyber extortion schemes such as ransomware and ransom-demanding distributed denial of service (DDoS) threats are likely to persist as effective and lucrative criminal tactics into 2016, with cumulative US losses likely to continue climbing into the hundreds of millions of dollars.
The NJCCIC assesses with moderate confidence that many websites remain at high risk of cross-site scripting (XSS), one of the most commonly exploited web application security vulnerabilities. XSS is a code injection tactic–similar to SQL injection–in which a hacker inputs malicious code into a legitimate web application or website that is then executed in a user’s web browser, often to compromise user credentials or take control of the user’s session.
The NJCCIC assesses that organizations using Structured Query Language (SQL) for database management systems are at a high risk for SQL injection (SQLi) attacks unless the appropriate mitigation strategies are applied.
The NJCCIC assesses with high confidence that vulnerabilities, exploits, and malware variants targeting the Android operating system (OS) will continue to proliferate as Android maintains a majority share of the global mobile device market and users increasingly rely on mobile devices for email, web browsing, banking, and shopping – both for professional and personal use.