This week, the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) released its Garden State Cyber Threat Highlights, providing insights into the threats and malicious activity directly targeting New Jersey networks. These threat warnings included ones related to Russia/Ukraine and Cuba.
The NJCCIC is the State of New Jersey’s center for cybersecurity information sharing, threat intelligence, and incident reporting.
Russia/Ukraine Cyber Threat Update
The cyber threat level in New Jersey is currently set to ELEVATED, which indicates a significant risk due to increased hacking, virus, or other malicious activity that compromises systems or diminishes service. At this time, the NJCCIC is not aware of any specific or imminent cyber threats to New Jersey.
The NJCCIC received reports of attempts to deliver Cuba ransomware to certain New Jersey organizations. Cuba ransomware, also known as COLDDRAW ransomware, gains access to networks through phishing campaigns that deliver malicious software. It also leverages Microsoft Exchange and the Remote Desktop Protocol (RDP) to gain access to a victim's network. Additionally, it leverages stolen Windows administrator privileges to execute the ransomware and other processes remotely. The FBI identified sectors including financial, healthcare, manufacturing, and others that were compromised by Cuba ransomware, beginning in November 2021.
Local businesses are vulnerable to potential attacks. Working with an expert Managed Security provider in New Jersey will minimize the security risks for your business. IT Security solutions for SMBs have evolved in the past year – we recommend taking advantage of our Secure Global Network (SGN) solution to gain protection, security, accessibility, resilience, and connectivity your organization needs.
The NJCCIC recommends administrators follow these guidelines:
- establish a comprehensive data backup plan that includes performing scheduled backups regularly, while keeping an updated copy offline in a separate and secure location
- test backups regularly
- keep systems up to date and apply patches as they become available
- enable strong endpoint security
- implement a defense-in-depth strategy
- segment networks
- enable multi-factor authentication (MFA) where available
- implement incident response plans