Cross-Site Scripting: Many Websites Remain Vulnerable to Common Web Exploit

The NJCCIC assesses with moderate confidence that many websites remain at high risk of cross-site scripting (XSS), one of the most commonly exploited web application security vulnerabilities. XSS is a code injection tactic, similar to SQL injection, in which a hacker inputs malicious code into a legitimate web application or website that is then executed in a user’s web browser, often to compromise user credentials or take control of the user’s session.

Oil and Gas: Industry Among Sectors with Highest Cyber Risk

The NJCCIC assesses with high confidence that the cyber risk to the oil and gas industry is high and that the energy sector at large is a priority target of foreign intelligence services. While state-sponsored groups have demonstrated the capability to launch cyberattacks that cause physical damage to energy infrastructure, New Jersey’s energy sector is most likely to face reconnaissance and intelligence collection activities aimed at exfiltrating data and establishing persistence on high-value networks, for potential use in future sabotage operations.

Critical Infrastructure: Vulnerabilities Increasing, Risks High

Critical infrastructure sites are increasingly vulnerable to cyberattack as the systems that run them become more accessible, interconnected, and reliant on cyberspace. The risks posed to Industrial Control Systems and Supervisory Control and Data Acquisition (ICS/SCADA) systems will continue to grow as new and existing vulnerabilities are exploited by both criminal and state-sponsored threat actors.

Ransomware: Lucrative Cyber Crime Tactics Rapidly Evolving

The NJCCIC assesses that ransomware infections will continue to increase steadily and pose a threat to the public and private sectors, as well as home users, as the technical barriers to conducting these cybercrime campaigns continue to drop and the return on investment for cybercriminals remains extremely high. The NJCCIC recommends that all organizations and home users familiarize themselves with ransomware tactics and implement the necessary security and backup strategies to mitigate this threat.
