The NJCCIC assesses with high confidence that software supply chain vendors are at risk from local and foreign threat actors infiltrating strong security systems of organizations through the exploitation of an established and trusted distribution channel. General software update attacks can lead to supplementary targeted campaigns of specific regions, sectors, or personnel.
Read MoreThe NJCCIC assesses with high confidence that the maritime sector, to include ports, vessels, and shipping companies across the globe, will remain an attractive target for a range of cyber-attacks designed to disrupt daily operations, steal sensitive data, instill fear in the community, and hold critical operational data for ransom.
Read MoreThe NJCCIC assesses with high confidence that educational institutions across the globe will remain attractive targets for a range of cyber-attacks designed to disrupt daily operations, steal sensitive data, instill fear in the community, and hold critical operational data for ransom.
Read MoreThe NJCCIC assesses with high confidence that organizations with insecure remote access configurations, including remote desktop protocol (RDP), Telnet, and SSH ports, on internet-facing servers are at an increased risk of network compromise, potentially resulting in data theft to network-wide ransomware infections.
Read MoreThe NJCCIC assesses with high confidence that capable threat actors—both politically-motivated state actors and their proxies, as well as profit-driven criminals—will increasingly leverage supply chain compromises to conduct network intrusions and attacks. These incidents could result in the exfiltration, manipulation, or destruction of data and disruption to daily operations and business continuity.
Read MoreThe NJCCIC assesses with high confidence that many organizations, in both the public and private sectors, continue to operate web applications (apps) and servers that are vulnerable to exploitation or attacks that could result in unauthorized access, disruption of services, theft of customer information, or manipulation of data.
Read MoreThe NJCCIC assesses with high confidence that fileless and “non-malware” intrusion tactics pose high risk to organizations, both public and private, and will be increasingly employed by capable threat actors intent on stealing data or establishing persistence on networks to support ongoing espionage objectives or to enable future acts of sabotage.
Read MoreThe NJCCIC assesses with high confidence that organizations with insecure remote desktop protocol (RDP) configurations on their networks are at risk of infection with CrySiS ransomware and other variants that opportunistically seek out networks with poorly authenticated RDP access.
Read MoreThe NJCCIC assesses with high confidence that ransomware extortion incidents will likely result in greater operational disruptions, permanent data loss, and higher financial payouts in 2017, as profit-motivated cybercriminals increasingly seek higher profile targets—with more critical data and time-sensitive operations—raising the likelihood of larger ransom payments.
Read MoreThe NJCCIC assesses with high confidence that botnets formed by compromised ‘internet-of-things’ (IoT) devices will almost certainly lead to more frequent, more disruptive distributed denial of service (DDoS) attacks, many of which will lack a clear motive behind the selection of targets.
Read MoreThe NJCCIC assesses with high confidence the cyber threat and overall risk to the healthcare industry is high and increasing. In contrast to the large insurance breaches of 2015, assessed to be the work of Chinese threat actors conducting industrial espionage to support their largely state-run healthcare industry, profit-motivated hackers pose the greatest threat to the majority of healthcare organizations today.
Read MoreThe NJCCIC assesses with high confidence the greatest threats to US critical infrastructure are unpatched vulnerabilities, customized malware with no known signatures, and the compromise of user credentials to facilitate remote exploitation of network tools such as Remote Desktop Protocol.
Read MoreThe NJCCIC assesses with high confidence that financially motivated cyber threats targeting American consumers’ payment cards will remain high until the vast majority of point-of-sale (PoS) terminals in the United States are updated and certified to complete Europay, MasterCard, and Visa (EMV) transactions, as well as mobile payments.
Read MoreThe NJCCIC assesses with high confidence that a broad range of criminals, malicious hackers, and violent extremists will increasingly utilize the dark web—the underground Internet only accessible via special software that maintains the anonymity of users—to facilitate illicit activity, which will present threats to public safety as threat actors can securely communicate, conspire, and acquire materials or know-how.
Read MoreThe NJCCIC assesses with high confidence that many businesses, schools, government agencies, and home users will remain at high risk of ransomware infections throughout 2016, as financially-motivated hackers continue to innovate and expand the targeting scope of their extortion campaigns.
Read MoreIntelligence agencies and cybersecurity researchers are investigating a power outage that occurred in Western Ukraine on December 23, specifically whether or not malware discovered on the targeted utility’s network played a direct role in impacting the electric grid.
Read MoreThe NJCCIC assesses with high confidence that profit-motivated cyber extortion schemes such as ransomware and ransom-demanding distributed denial of service (DDoS) threats are likely to persist as effective and lucrative criminal tactics into 2016, with cumulative US losses likely to continue climbing into the hundreds of millions of dollars.
Read MoreThe NJCCIC assesses with moderate confidence that many websites remain at high risk of cross-site scripting (XSS), one of the most commonly exploited web application security vulnerabilities. XSS is a code injection tactic–similar to SQL injection–in which a hacker inputs malicious code into a legitimate web application or website that is then executed in a user’s web browser, often to compromise user credentials or take control of the user’s session.
Read MoreOn October 13, 2015 a New Jersey business discovered an infection of a point-of-sale (PoS) malware variant, detected by antivirus software as lanst.exe, one of many variants commonly known as Dexter.
Read More
