The NJCCIC continues to observe attempted Telephone-Oriented Attack Delivery (TOAD) phishing email attacks, similar to open-source reporting. Prior to the attack, cybercriminals perform reconnaissance on victims, gathering information from various sources.

Reported card skimming incidents increased by 40 percent from 2022 to 2023. More specifically, New Jersey is one of the top five states, accounting for nearly 50 percent of card compromise reports (CCRs). The outlook for 2024 shows an upward trend.

The NJCCIC observed two new phishing campaigns utilizing PowerShell scripts to drop multiple malicious payloads. One campaign, dubbed ClickFix, launched by a threat actor identified as TA571 which was also behind the recently observed DarkGate phishing campaign.

The NJCCIC recently received multiple incident reports from organizations targeted with direct deposit scams in an attempt to change bank account information for direct deposit payments for payroll to facilitate fraud. K-12 school districts are primarily targeted.

A growing number of cyberattacks were discovered targeting retailers and online consumers as summer sales heat up. Though the holiday season remains the most profitable time for retailers, sale events are often launched in the slower summer months to increase revenue.

The NJCCIC recently observed an uptick in phishing campaigns targeting New Jersey State employees using a legitimate file-sharing platform and URL redirects to steal user credentials and deliver malware. One scheme uses an Adobe Acrobat link.

The NJCCIC recently received reports of a phishing campaign that was also identified by Proofpoint. The campaign targets students and faculty and involves malicious emails using piano or musical instrument-themed messages to lure people into advance fee fraud (AFF) scams.

DarkGate has spread through several phishing campaigns, including fake browser updates, the messaging feature in Microsoft Teams, and PDFs containing Google DoubleClick Digital Marketing (DDM) open redirects. The NJCCIC recently reported on DarkGate exploiting Windows.

Vulnerabilities have been discovered in Progress Telerik Report Server, which could allow for remote code execution. Telerik Report Server provides centralized management for Progress business intelligence reporting suite through a web application.

A vulnerability has been discovered in Check Point Security Gateway Products that could allow for credential access. A Check Point Security Gateway sits between an organization’s environment and the Internet to enforce policy and block threats and malware.