The NJCCIC wishes our members and all New
Jerseyans a happy and healthy New Year!
Garden State Cyber Threat Highlight
Providing our members with a weekly insight into the threats and malicious activity directly targeting New Jersey networks.
Dridex Phishing Campaign
Image Source: Trend Micro
The NJCCIC has detected a phishing campaign targeting New Jersey State employees and users around the country that intends to install the Dridex banking trojan onto targeted systems. Recent subject lines associated with this campaign begin with words such as “Payment,” “Inv,” “Acknowledge,” and “Account,” followed by varying letter/number combinations. These emails contain Microsoft Word document attachments that, when opened with macros enabled, download the Dridex trojan. Banking trojans are used by threat actors to obtain login credentials for financial and other sensitive accounts. The NJCCIC recommends educating end users about this and similar threats and reminding them never to click on links or open attachments delivered with unexpected or unsolicited emails. Additionally, if end users have received and taken action on these emails, isolate the affected systems from the network and perform a full system scan using a reputable anti-virus/anti-malware solution. Proactively monitor and change passwords to any financial, personal, or business accounts accessed on infected systems, and enable multi-factor authentication where available.
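The indicators above (a subject line that opens with one of a few words and a letter/number string, plus a macro-capable Word attachment) translate directly into a mail-gateway triage rule. The following is an added example written for this bulletin, not NJCCIC or Trend Micro code: it parses raw messages with Python's standard email library, flags the subject convention and macro-capable or uncommon attachment types (including the IQY files mentioned later in this bulletin), and returns a verdict. The sample messages are constructed here; the subject pattern, extension lists and verdict thresholds are assumptions for illustration.

```python
import os
import re
from typing import Optional, Tuple
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Subject convention described in the bulletin: a leading word such as
# "Payment", "Inv", "Acknowledge" or "Account", then a letter/number string.
# (Assumed regex; tune against real gateway telemetry before deploying.)
SUBJECT_RE = re.compile(
    r"^(?:Payment|Inv|Acknowledge|Account)[\s_#:-]*[A-Za-z0-9]{2,}\s*$",
    re.IGNORECASE,
)
# Word formats that can carry VBA macros (assumption: extension-based check only;
# a real gateway should also inspect the file for a VBA project).
MACRO_CAPABLE = {".doc", ".docm", ".dot", ".dotm"}
# Uncommon type the bulletin notes is used to slip past mail filters.
UNCOMMON = {".iqy"}


def triage(raw: bytes) -> dict:
    """Parse one raw RFC 822 message and return a triage record."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    subject = (msg.get("Subject") or "").strip()
    subject_hit = bool(SUBJECT_RE.match(subject))
    attachment_hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = os.path.splitext(name)[1]
        if ext in MACRO_CAPABLE:
            attachment_hits.append(("macro-capable-office", name))
        elif ext in UNCOMMON:
            attachment_hits.append(("uncommon-type", name))
    # Both indicators together: hold the message; one alone: send to analyst review.
    if subject_hit and attachment_hits:
        verdict = "quarantine"
    elif subject_hit or attachment_hits:
        verdict = "review"
    else:
        verdict = "pass"
    return {
        "subject": subject,
        "subject_pattern": subject_hit,
        "attachment_hits": attachment_hits,
        "verdict": verdict,
    }


def _build(subject: str, attachment: Optional[Tuple[str, str, str]]) -> bytes:
    """Assemble a constructed sample message (not a real captured email)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = subject
    msg.set_content("Please see the attached document.")
    if attachment:
        filename, maintype, subtype = attachment
        msg.add_attachment(
            b"constructed placeholder bytes",  # stands in for the attachment body
            maintype=maintype, subtype=subtype, filename=filename,
        )
    return msg.as_bytes()


# Constructed samples: one matching the campaign shape, one IQY lure,
# one subject-only hit and one benign message.
SAMPLES = {
    "dridex_style": _build(
        "Inv 38291",
        ("Inv_38291.docm", "application", "vnd.ms-word.document.macroEnabled.12"),
    ),
    "iqy_lure": _build("Quarterly figures", ("figures.iqy", "application", "octet-stream")),
    "subject_only": _build("Account 7f3k9", None),
    "benign": _build("Lunch on Friday?", ("menu.pdf", "application", "pdf")),
}


def run_samples() -> dict:
    """Map each constructed sample name to its verdict."""
    return {name: triage(raw)["verdict"] for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:14s} -> {verdict}")
```

The rule deliberately keeps the subject match strict (the whole subject must be the keyword plus one alphanumeric token) so that ordinary subjects such as "Invoice for March" do not trip it; the attachment check errs the other way and treats every macro-capable Word extension as worth a look, since the user-side mitigation the bulletin recommends (never enable macros from unsolicited mail) is the real control.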
Announcements
Partner Webinar
Make Protecting Your Small Business Assets Against Cyber Threats A Goal This New Year
Join the National Cyber Security Alliance (NCSA) for a webinar on protecting small business assets against cyber threats. Speakers from NCSA, the National Institute of Standards and Technology, and Trend Micro will discuss basic strategies for protecting small businesses, as well as some best practices organizations can implement immediately.
McAfee examines the current threat landscape in their “Threats Report” for Q3 of 2018, available here. Some key takeaways are below:
Gaining valid user credentials continues to be the easiest means for threat actors to severely compromise an organization.
Uncommon file types that bypass email filters, like IQY files, are being used to deliver banking malware.
Overall reported cyber incidents fell 12 percent, but the private sector saw a 150 percent increase during Q3.
Credit card theft originates more often on third-party payment platforms than point-of-sale (POS) systems.
Ten million new samples set JavaScript malware at a record high (up 45 percent); coin-mining malware also saw a 55 percent increase during Q3, and a 4400 percent increase over the past four quarters.
DHS Releases Information on Chinese Malicious Cyber Activity
The US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) released technical details on the tactics, techniques, and procedures (TTPs) used by Chinese government threat actors to actively target information technology (IT) service providers, such as managed service providers and cloud service providers, and their customers. All IT service providers and their customers are encouraged to follow the recommendations, tools, and actions provided in their post and in alerts TA17-117A and TA18-276A.
DOJ Charges Chinese Nationals for Hacking
Technology Companies and Government Agencies
On December 20, the US Department of Justice (DOJ) announced charges against two Chinese nationals, Zhu Hua and Zhang Shilong, for conspiracy to commit computer intrusions and wire fraud, and aggravated identity theft, in connection with global hacking operations meant to steal trade secrets and intellectual property from technology companies and government agencies, as well as personal data on over 100,000 members of the US Navy. The charged individuals acted as part of the advanced persistent threat (APT) group known as APT10, also called Stone Panda, which began its hacking campaigns in 2006. The recent indictment reflects the increased effort in recent years by US law enforcement to publicly hold threat actors accountable for cyber crimes against US citizens, organizations, and government entities.
Anticipatory Awareness Message: Cyber Security for Smart Buildings
The FBI and Telecommunications Industry Association (TIA) released a Private Industry Notification (PIN) regarding the inclusion of next-generation information and communication technologies into smart building infrastructure and the possible new threat vectors for malicious cyber actors that may result. The notification provides a primer on presumed and anticipated security issues which may arise from the increasing number of smart buildings across the US, and presents partners in industry with some mitigation measures and best practices.
Threat Alert
Domain Spoofing Offers a Way to Bypass 2FA
Amnesty International published a report providing insight into multiple phishing campaigns targeting Human Rights Defenders (HRDs) in the Middle East and North Africa. The campaigns focus on Google and Yahoo accounts and attempt to bypass two-factor authentication (2FA), also known as multi-factor authentication (MFA). One campaign, dating back to 2017, appeared as a “security alert” email that lured victims to malicious domains masquerading as Google or Yahoo. Once on the site, users entered their credentials and 2FA code. This information was relayed to the threat actor in time to compromise the account before the access code expired. A second campaign targeted email services touting security, like Tutanota and ProtonMail. In this case, threat actors registered domains that were almost identical to legitimate ones and served them over HTTPS, so the browser showed a padlock symbol for transport encryption. These sites stole user account credentials while separately logging the user into the legitimate mail service domain. Phishing continues to be a major threat to organizations at all levels and, therefore, the NJCCIC highly recommends never using links provided in unsolicited emails to visit websites requiring the input of account credentials. Instead, we advise visiting the account’s associated website by typing the legitimate address directly into the URL field of your web browser. Despite the tactics used in these campaigns, we highly recommend enabling MFA on all accounts that offer it for extra security. For more information and a list of indicators, review the Amnesty International report.
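The second campaign relies on domains that are almost, but not quite, the legitimate mail provider's name, and the padlock only proves the connection is encrypted, not that the site is who it claims to be. A defender can catch many such names in proxy or DNS logs by comparing the registered label against an allowlist after folding common look-alike characters. The following is an added example for this bulletin, not code from Amnesty International or the NJCCIC: it classifies hostnames as legitimate, embedded look-alikes (the real domain used as a subdomain prefix), near-miss look-alikes, or unrelated. The allowlist uses the provider names mentioned above; the suspicious hostnames are constructed under reserved TLDs and the homoglyph table and distance threshold are assumptions.

```python
from typing import Optional, Tuple

# Providers named in the bulletin; a real deployment would use the organisation's own list.
ALLOWLIST = ("google.com", "yahoo.com", "protonmail.com", "tutanota.com")

# Character substitutions attackers use to imitate a name (assumed, partial table).
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def normalize(label: str) -> str:
    """Fold look-alike character sequences so "protonmai1" compares as "protonmail"."""
    for src, dst in HOMOGLYPHS:
        label = label.replace(src, dst)
    return label


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance (insert/delete/substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(hostname: str, allowlist=ALLOWLIST) -> Tuple[str, Optional[str]]:
    """Return (verdict, matched_legitimate_domain) for one hostname."""
    host = hostname.lower().rstrip(".")
    # Exact match or a genuine subdomain of an allowlisted domain.
    for legit in allowlist:
        if host == legit or host.endswith("." + legit):
            return ("legitimate", legit)
    # The legitimate name placed in front of an unrelated registered domain,
    # e.g. "tutanota.com.login.example": visually convincing, registered elsewhere.
    for legit in allowlist:
        if host.startswith(legit + ".") or ("." + legit + ".") in host:
            return ("lookalike-embedded", legit)
    # Compare the second-level label only (assumption: two-label registered domains;
    # use the public suffix list for co.uk-style suffixes in production).
    labels = host.split(".")
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    norm = normalize(sld)
    best, dist = None, len(norm) + 1
    for legit in allowlist:
        d = levenshtein(norm, normalize(legit.split(".")[0]))
        if d < dist:
            best, dist = legit, d
    if dist <= 1:  # one edit away after homoglyph folding: treat as a look-alike
        return ("lookalike", best)
    return ("unrelated", None)


# Constructed hostnames under reserved TLDs; none are real indicators from the report.
SAMPLE_HOSTS = [
    "mail.google.com",
    "protonmai1.example",
    "tutanota.com.login.example",
    "yah00.example",
    "example.org",
]


def run_samples() -> dict:
    """Map each sample hostname to its (verdict, match) tuple."""
    return {h: classify(h) for h in SAMPLE_HOSTS}


if __name__ == "__main__":
    for host, (verdict, match) in run_samples().items():
        print(f"{host:28s} {verdict:20s} {match or ''}")
```

Used on newly observed domains from DNS or proxy logs, the "lookalike" and "lookalike-embedded" verdicts are the ones worth blocking or alerting on; "legitimate" requires the hostname to actually end in the allowlisted domain, which is exactly the check a user's eye skips when a padlock is present.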
Breach Notification
Caribou Coffee
Caribou Coffee recently suffered a data breach exposing customer payment information taken from 265 US stores during a three-month period. An unauthorized party had access to point-of-sale systems between August 28 and December 3, 2018, revealing customer names, payment card numbers, expiration dates, and security codes. Payments made through its rewards program were unaffected. Impacted customers are advised to monitor financial accounts for suspicious activity, notify their card issuers immediately if they notice unauthorized charges made to their accounts, and take advantage of any free credit monitoring services offered by Caribou Coffee.
Beware of BMW Lottery Email Scam Stating You Won a BMW M240i
Comment: Scam campaigns such as this are attempting to gain personal information from recipients. If an individual replies, threat actors will often continue to target that person, as they now know the email account is active and the recipient is susceptible to similar scams. Information gathered in this campaign can be used to perform identity theft or gain access to victims’ accounts. Users are advised to refrain from answering scam emails and providing any personal information; simply delete these and similar messages.
Cyber at a Glance
2019 Cyber Security New Year’s Resolutions
Comment: While it is impossible to safeguard yourself against every cyber threat, there are a number of things you can do to better secure yourself online in the new year: secure your passwords by changing passwords that are easy to guess, resetting default passwords, and enabling MFA whenever possible; stop oversharing online, as threat actors can leverage what you post against you; only use sites that have an encrypted connection via HTTPS; implement regular backups of important data in case it is corrupted or lost; keep all your software and hardware patched and up-to-date to minimize vulnerabilities; scrutinize any emails you receive for legitimacy; and consider using a VPN for even tighter security.
The Weekly Bulletin aggregates information about cyber threats, vulnerabilities, and other resources to promote shared awareness and the adoption of best practices. Designed for a general audience, the Bulletin aims to bridge the information sharing gaps between all levels of government, the private sector, and our citizens.