The NJCCIC recently received multiple incident reports from organizations targeted with direct deposit scams in an attempt to change bank account information for direct deposit payments for payroll to facilitate fraud. K-12 school districts are primarily targeted.
A growing number of cyberattacks were discovered targeting retailers and online consumers as summer sales heat up. Though the holiday season remains the most profitable time for retailers, sale events are often launched in the slower summer months to increase revenue.
The NJCCIC recently observed an uptick in phishing campaigns targeting New Jersey State employees using a legitimate file-sharing platform and URL redirects to steal user credentials and deliver malware. One scheme uses an Adobe Acrobat link.
The NJCCIC recently received reports of a phishing campaign that was also identified by Proofpoint. The campaign targets students and faculty and involves malicious emails using piano or musical instrument-themed messages to lure people into advance fee fraud (AFF) scams.
DarkGate has spread through several phishing campaigns, including fake browser updates, the messaging feature in Microsoft Teams, and PDFs containing Google DoubleClick Digital Marketing (DDM) open redirects. The NJCCIC recently reported on DarkGate exploiting Windows.
Vulnerabilities have been discovered in Progress Telerik Report Server, which could allow for remote code execution. Telerik Report Server provides centralized management for Progress business intelligence reporting suite through a web application.
A vulnerability has been discovered in Check Point Security Gateway Products that could allow for credential access. A Check Point Security Gateway sits between an organization’s environment and the Internet to enforce policy and block threats and malware.
The NJCCIC continues to observe social engineering schemes targeting individuals seeking employment, often referred to as job scams. Increases in layoffs and job cuts exacerbate this issue; layoffs in the financial sector alone increased in the first quarter of 2023.
In May 2023, Google launched several new top-level domains (TLDs), including .ZIP. The use of .ZIP for filename extensions and domain names is legitimate; however, threat actors are exploiting the .ZIP domain name in a new phishing technique called “file archiver in the browser.”
FortiSIEM is a multi-tenant SIEM that offers user awareness for threat detection, analysis, and reporting. Vulnerabilities have been discovered which could allow for remote code execution. An attacker could then install programs; view, change, or delete data; or create new accounts.
